github/OpenHands
1
0
Fork 0
mirror of https://github.com/OpenHands/OpenHands.git synced 2026-03-22 05:37:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add timeout to Keycloak operations and convert OfflineTokenStore to async (#13096)

Browse Source 
Co-authored-by: openhands <openhands@all-hands.dev>
This commit is contained in:
Tim O'Farrell
2026-03-02 03:48:45 -05:00
committed by GitHub
parent d6b8d80026
commit e1408f7b15
45 changed files with 1577 additions and 1341 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
enterprise/integrations/github/github_solvability.py
View File

@@ -14,7 +14,6 @@ from integrations.solvability.models.summary import SolvabilitySummary
from integrations.utils import ENABLE_SOLVABILITY_ANALYSIS from integrations.utils import ENABLE_SOLVABILITY_ANALYSIS
from pydantic import ValidationError from pydantic import ValidationError
from server.config import get_config from server.config import get_config
from storage.database import session_maker
from storage.saas_settings_store import SaasSettingsStore from storage.saas_settings_store import SaasSettingsStore
from openhands.core.config import LLMConfig from openhands.core.config import LLMConfig
@@ -90,7 +89,6 @@ async def summarize_issue_solvability(
# Grab the user's information so we can load their LLM configuration # Grab the user's information so we can load their LLM configuration
store = SaasSettingsStore( store = SaasSettingsStore(
user_id=github_view.user_info.keycloak_user_id, user_id=github_view.user_info.keycloak_user_id,
session_maker=session_maker,
config=get_config(), config=get_config(),
) )

4
enterprise/integrations/store_repo_utils.py
View File

@@ -42,11 +42,11 @@ async def store_repositories_in_db(repos: list[Repository], user_id: str) -> Non
try: try:
# Store repositories in the repos table # Store repositories in the repos table
repo_store = RepositoryStore.get_instance(config) repo_store = RepositoryStore.get_instance(config)
repo_store.store_projects(stored_repos) await repo_store.store_projects(stored_repos)
# Store user-repository mappings in the user-repos table # Store user-repository mappings in the user-repos table
user_repo_store = UserRepositoryMapStore.get_instance(config) user_repo_store = UserRepositoryMapStore.get_instance(config)
user_repo_store.store_user_repo_mappings(user_repos) await user_repo_store.store_user_repo_mappings(user_repos)
logger.info(f'Saved repos for user {user_id}') logger.info(f'Saved repos for user {user_id}')
except Exception: except Exception:

7
enterprise/server/auth/domain_blocker.py
View File

@@ -1,5 +1,4 @@
from storage.blocked_email_domain_store import BlockedEmailDomainStore from storage.blocked_email_domain_store import BlockedEmailDomainStore
from storage.database import session_maker
from openhands.core.logger import openhands_logger as logger from openhands.core.logger import openhands_logger as logger
@@ -23,7 +22,7 @@ class DomainBlocker:
logger.debug(f'Error extracting domain from email: {email}', exc_info=True) logger.debug(f'Error extracting domain from email: {email}', exc_info=True)
return None return None
def is_domain_blocked(self, email: str) -> bool: async def is_domain_blocked(self, email: str) -> bool:
"""Check if email domain is blocked by querying the database directly via SQL. """Check if email domain is blocked by querying the database directly via SQL.
Supports blocking: Supports blocking:
@@ -45,7 +44,7 @@ class DomainBlocker:
try: try:
# Query database directly via SQL to check if domain is blocked # Query database directly via SQL to check if domain is blocked
is_blocked = self.store.is_domain_blocked(domain) is_blocked = await self.store.is_domain_blocked(domain)
if is_blocked: if is_blocked:
logger.warning(f'Email domain {domain} is blocked for email: {email}') logger.warning(f'Email domain {domain} is blocked for email: {email}')
@@ -63,5 +62,5 @@ class DomainBlocker:
# Initialize store and domain blocker # Initialize store and domain blocker
_store = BlockedEmailDomainStore(session_maker=session_maker) _store = BlockedEmailDomainStore()
domain_blocker = DomainBlocker(store=_store) domain_blocker = DomainBlocker(store=_store)

2
enterprise/server/auth/github_utils.py
View File

@@ -1,7 +1,7 @@
from integrations.github.github_service import SaaSGitHubService from integrations.github.github_service import SaaSGitHubService
from pydantic import SecretStr from pydantic import SecretStr
from server.auth.auth_utils import user_verifier
from enterprise.server.auth.auth_utils import user_verifier
from openhands.core.logger import openhands_logger as logger from openhands.core.logger import openhands_logger as logger
from openhands.integrations.github.github_types import GitHubUser from openhands.integrations.github.github_types import GitHubUser

32
enterprise/server/auth/saas_user_auth.py
View File

@@ -18,9 +18,10 @@ from server.auth.token_manager import TokenManager
from server.config import get_config from server.config import get_config
from server.logger import logger from server.logger import logger
from server.rate_limit import RateLimiter, create_redis_rate_limiter from server.rate_limit import RateLimiter, create_redis_rate_limiter
from sqlalchemy import delete, select
from storage.api_key_store import ApiKeyStore from storage.api_key_store import ApiKeyStore
from storage.auth_tokens import AuthTokens from storage.auth_tokens import AuthTokens
from storage.database import session_maker from storage.database import a_session_maker
from storage.saas_secrets_store import SaasSecretsStore from storage.saas_secrets_store import SaasSecretsStore
from storage.saas_settings_store import SaasSettingsStore from storage.saas_settings_store import SaasSettingsStore
from tenacity import retry, retry_if_exception_type, stop_after_attempt, wait_fixed from tenacity import retry, retry_if_exception_type, stop_after_attempt, wait_fixed
@@ -124,7 +125,7 @@ class SaasUserAuth(UserAuth):
if secrets_store: if secrets_store:
return secrets_store return secrets_store
user_id = await self.get_user_id() user_id = await self.get_user_id()
secrets_store = SaasSecretsStore(user_id, session_maker, get_config()) secrets_store = SaasSecretsStore(user_id, get_config())
self.secrets_store = secrets_store self.secrets_store = secrets_store
return secrets_store return secrets_store
@@ -161,12 +162,13 @@ class SaasUserAuth(UserAuth):
try: try:
# TODO: I think we can do this in a single request if we refactor # TODO: I think we can do this in a single request if we refactor
with session_maker() as session: async with a_session_maker() as session:
tokens = ( result = await session.execute(
session.query(AuthTokens) select(AuthTokens).where(
.where(AuthTokens.keycloak_user_id == self.user_id) AuthTokens.keycloak_user_id == self.user_id
.all()
) )
)
tokens = result.scalars().all()
for token in tokens: for token in tokens:
idp_type = ProviderType(token.identity_provider) idp_type = ProviderType(token.identity_provider)
@@ -192,11 +194,11 @@ class SaasUserAuth(UserAuth):
'idp_type': token.identity_provider, 'idp_type': token.identity_provider,
}, },
) )
with session_maker() as session: async with a_session_maker() as session:
session.query(AuthTokens).filter( await session.execute(
AuthTokens.id == token.id delete(AuthTokens).where(AuthTokens.id == token.id)
).delete() )
session.commit() await session.commit()
raise raise
self.provider_tokens = MappingProxyType(provider_tokens) self.provider_tokens = MappingProxyType(provider_tokens)
@@ -210,7 +212,7 @@ class SaasUserAuth(UserAuth):
if settings_store: if settings_store:
return settings_store return settings_store
user_id = await self.get_user_id() user_id = await self.get_user_id()
settings_store = SaasSettingsStore(user_id, session_maker, get_config()) settings_store = SaasSettingsStore(user_id, get_config())
self.settings_store = settings_store self.settings_store = settings_store
return settings_store return settings_store
@@ -278,7 +280,7 @@ async def saas_user_auth_from_bearer(request: Request) -> SaasUserAuth | None:
return None return None
api_key_store = ApiKeyStore.get_instance() api_key_store = ApiKeyStore.get_instance()
user_id = api_key_store.validate_api_key(api_key) user_id = await api_key_store.validate_api_key(api_key)
if not user_id: if not user_id:
return None return None
offline_token = await token_manager.load_offline_token(user_id) offline_token = await token_manager.load_offline_token(user_id)
@@ -327,7 +329,7 @@ async def saas_user_auth_from_signed_token(signed_token: str) -> SaasUserAuth:
email_verified = access_token_payload['email_verified'] email_verified = access_token_payload['email_verified']
# Check if email domain is blocked # Check if email domain is blocked
if email and domain_blocker.is_domain_blocked(email): if email and await domain_blocker.is_domain_blocked(email):
logger.warning( logger.warning(
f'Blocked authentication attempt for existing user with email: {email}' f'Blocked authentication attempt for existing user with email: {email}'
) )

2
enterprise/server/routes/api_keys.py
View File

@@ -251,7 +251,7 @@ async def delete_api_key(
) )
# Delete the key # Delete the key
success = api_key_store.delete_api_key_by_id(key_id) success = await api_key_store.delete_api_key_by_id(key_id)
if not success: if not success:
raise HTTPException( raise HTTPException(

2
enterprise/server/routes/auth.py
View File

@@ -270,7 +270,7 @@ async def keycloak_callback(
# Fail open - continue with login if reCAPTCHA service unavailable # Fail open - continue with login if reCAPTCHA service unavailable
# Check if email domain is blocked # Check if email domain is blocked
if email and domain_blocker.is_domain_blocked(email): if email and await domain_blocker.is_domain_blocked(email):
logger.warning( logger.warning(
f'Blocked authentication attempt for email: {email}, user_id: {user_id}' f'Blocked authentication attempt for email: {email}, user_id: {user_id}'
) )

2
enterprise/server/routes/oauth_device.py
View File

@@ -181,7 +181,7 @@ async def device_token(device_code: str = Form(...)):
# Retrieve the specific API key for this device using the user_code # Retrieve the specific API key for this device using the user_code
api_key_store = ApiKeyStore.get_instance() api_key_store = ApiKeyStore.get_instance()
device_key_name = f'{API_KEY_NAME} ({device_code_entry.user_code})' device_key_name = f'{API_KEY_NAME} ({device_code_entry.user_code})'
device_api_key = api_key_store.retrieve_api_key_by_name( device_api_key = await api_key_store.retrieve_api_key_by_name(
device_code_entry.keycloak_user_id, device_key_name device_code_entry.keycloak_user_id, device_key_name
) )

1
enterprise/server/routes/user.py
View File

@@ -388,5 +388,4 @@ async def _check_idp(
access_token.get_secret_value(), ProviderType(idp) access_token.get_secret_value(), ProviderType(idp)
): ):
return default_value return default_value
return None return None

8
enterprise/server/verified_models/verified_model_service.py
View File

@@ -2,6 +2,10 @@
from dataclasses import dataclass from dataclasses import dataclass
from server.verified_models.verified_model_models import (
VerifiedModel,
VerifiedModelPage,
)
from sqlalchemy import ( from sqlalchemy import (
Boolean, Boolean,
Column, Column,
@@ -18,10 +22,6 @@ from sqlalchemy import (
from sqlalchemy.ext.asyncio import AsyncSession from sqlalchemy.ext.asyncio import AsyncSession
from storage.base import Base from storage.base import Base
from enterprise.server.verified_models.verified_model_models import (
VerifiedModel,
VerifiedModelPage,
)
from openhands.app_server.config import depends_db_session from openhands.app_server.config import depends_db_session
from openhands.core.logger import openhands_logger as logger from openhands.core.logger import openhands_logger as logger

120
enterprise/storage/api_key_store.py
View File

@@ -5,20 +5,16 @@ import string
from dataclasses import dataclass from dataclasses import dataclass
from datetime import UTC, datetime from datetime import UTC, datetime
from sqlalchemy import update from sqlalchemy import select, update
from sqlalchemy.orm import sessionmaker
from storage.api_key import ApiKey from storage.api_key import ApiKey
from storage.database import session_maker from storage.database import a_session_maker
from storage.user_store import UserStore from storage.user_store import UserStore
from openhands.core.logger import openhands_logger as logger from openhands.core.logger import openhands_logger as logger
from openhands.utils.async_utils import call_sync_from_async
@dataclass @dataclass
class ApiKeyStore: class ApiKeyStore:
session_maker: sessionmaker
API_KEY_PREFIX = 'sk-oh-' API_KEY_PREFIX = 'sk-oh-'
def generate_api_key(self, length: int = 32) -> str: def generate_api_key(self, length: int = 32) -> str:
@@ -43,22 +39,8 @@ class ApiKeyStore:
api_key = self.generate_api_key() api_key = self.generate_api_key()
user = await UserStore.get_user_by_id_async(user_id) user = await UserStore.get_user_by_id_async(user_id)
org_id = user.current_org_id org_id = user.current_org_id
await call_sync_from_async(
self._store_api_key, user_id, org_id, api_key, name, expires_at
)
return api_key async with a_session_maker() as session:
def _store_api_key(
self,
user_id: str,
org_id: str,
api_key: str,
name: str | None,
expires_at: datetime | None = None,
) -> None:
"""Store an existing API key in the database."""
with self.session_maker() as session:
key_record = ApiKey( key_record = ApiKey(
key=api_key, key=api_key,
user_id=user_id, user_id=user_id,
@@ -67,14 +49,17 @@ class ApiKeyStore:
expires_at=expires_at, expires_at=expires_at,
) )
session.add(key_record) session.add(key_record)
session.commit() await session.commit()
def validate_api_key(self, api_key: str) -> str | None: return api_key
async def validate_api_key(self, api_key: str) -> str | None:
"""Validate an API key and return the associated user_id if valid.""" """Validate an API key and return the associated user_id if valid."""
now = datetime.now(UTC) now = datetime.now(UTC)
with self.session_maker() as session: async with a_session_maker() as session:
key_record = session.query(ApiKey).filter(ApiKey.key == api_key).first() result = await session.execute(select(ApiKey).filter(ApiKey.key == api_key))
key_record = result.scalars().first()
if not key_record: if not key_record:
return None return None
@@ -91,38 +76,40 @@ class ApiKeyStore:
return None return None
# Update last_used_at timestamp # Update last_used_at timestamp
session.execute( await session.execute(
update(ApiKey) update(ApiKey)
.where(ApiKey.id == key_record.id) .where(ApiKey.id == key_record.id)
.values(last_used_at=now) .values(last_used_at=now)
) )
session.commit() await session.commit()
return key_record.user_id return key_record.user_id
def delete_api_key(self, api_key: str) -> bool: async def delete_api_key(self, api_key: str) -> bool:
"""Delete an API key by the key value.""" """Delete an API key by the key value."""
with self.session_maker() as session: async with a_session_maker() as session:
key_record = session.query(ApiKey).filter(ApiKey.key == api_key).first() result = await session.execute(select(ApiKey).filter(ApiKey.key == api_key))
key_record = result.scalars().first()
if not key_record: if not key_record:
return False return False
session.delete(key_record) await session.delete(key_record)
session.commit() await session.commit()
return True return True
def delete_api_key_by_id(self, key_id: int) -> bool: async def delete_api_key_by_id(self, key_id: int) -> bool:
"""Delete an API key by its ID.""" """Delete an API key by its ID."""
with self.session_maker() as session: async with a_session_maker() as session:
key_record = session.query(ApiKey).filter(ApiKey.id == key_id).first() result = await session.execute(select(ApiKey).filter(ApiKey.id == key_id))
key_record = result.scalars().first()
if not key_record: if not key_record:
return False return False
session.delete(key_record) await session.delete(key_record)
session.commit() await session.commit()
return True return True
@@ -130,64 +117,55 @@ class ApiKeyStore:
"""List all API keys for a user.""" """List all API keys for a user."""
user = await UserStore.get_user_by_id_async(user_id) user = await UserStore.get_user_by_id_async(user_id)
org_id = user.current_org_id org_id = user.current_org_id
return await call_sync_from_async(self._list_api_keys_from_db, user_id, org_id)
def _list_api_keys_from_db(self, user_id: str, org_id: str) -> list[ApiKey]: async with a_session_maker() as session:
with self.session_maker() as session: result = await session.execute(
keys: list[ApiKey] = ( select(ApiKey).filter(
session.query(ApiKey) ApiKey.user_id == user_id, ApiKey.org_id == org_id
.filter(ApiKey.user_id == user_id)
.filter(ApiKey.org_id == org_id)
.all()
) )
)
keys = result.scalars().all()
return [key for key in keys if key.name != 'MCP_API_KEY'] return [key for key in keys if key.name != 'MCP_API_KEY']
async def retrieve_mcp_api_key(self, user_id: str) -> str | None: async def retrieve_mcp_api_key(self, user_id: str) -> str | None:
user = await UserStore.get_user_by_id_async(user_id) user = await UserStore.get_user_by_id_async(user_id)
org_id = user.current_org_id org_id = user.current_org_id
return await call_sync_from_async(
self._retrieve_mcp_api_key_from_db, user_id, org_id
)
def _retrieve_mcp_api_key_from_db(self, user_id: str, org_id: str) -> str | None: async with a_session_maker() as session:
with self.session_maker() as session: result = await session.execute(
keys: list[ApiKey] = ( select(ApiKey).filter(
session.query(ApiKey) ApiKey.user_id == user_id, ApiKey.org_id == org_id
.filter(ApiKey.user_id == user_id)
.filter(ApiKey.org_id == org_id)
.all()
) )
)
keys = result.scalars().all()
for key in keys: for key in keys:
if key.name == 'MCP_API_KEY': if key.name == 'MCP_API_KEY':
return key.key return key.key
return None return None
def retrieve_api_key_by_name(self, user_id: str, name: str) -> str | None: async def retrieve_api_key_by_name(self, user_id: str, name: str) -> str | None:
"""Retrieve an API key by name for a specific user.""" """Retrieve an API key by name for a specific user."""
with self.session_maker() as session: async with a_session_maker() as session:
key_record = ( result = await session.execute(
session.query(ApiKey) select(ApiKey).filter(ApiKey.user_id == user_id, ApiKey.name == name)
.filter(ApiKey.user_id == user_id, ApiKey.name == name)
.first()
) )
key_record = result.scalars().first()
return key_record.key if key_record else None return key_record.key if key_record else None
def delete_api_key_by_name(self, user_id: str, name: str) -> bool: async def delete_api_key_by_name(self, user_id: str, name: str) -> bool:
"""Delete an API key by name for a specific user.""" """Delete an API key by name for a specific user."""
with self.session_maker() as session: async with a_session_maker() as session:
key_record = ( result = await session.execute(
session.query(ApiKey) select(ApiKey).filter(ApiKey.user_id == user_id, ApiKey.name == name)
.filter(ApiKey.user_id == user_id, ApiKey.name == name)
.first()
) )
key_record = result.scalars().first()
if not key_record: if not key_record:
return False return False
session.delete(key_record) await session.delete(key_record)
session.commit() await session.commit()
return True return True
@@ -195,4 +173,4 @@ class ApiKeyStore:
def get_instance(cls) -> ApiKeyStore: def get_instance(cls) -> ApiKeyStore:
"""Get an instance of the ApiKeyStore.""" """Get an instance of the ApiKeyStore."""
logger.debug('api_key_store.get_instance') logger.debug('api_key_store.get_instance')
return ApiKeyStore(session_maker) return ApiKeyStore()

12
enterprise/storage/auth_token_store.py
View File

@@ -7,7 +7,6 @@ from typing import Awaitable, Callable, Dict
from server.auth.auth_error import TokenRefreshError from server.auth.auth_error import TokenRefreshError
from sqlalchemy import select, text, update from sqlalchemy import select, text, update
from sqlalchemy.exc import OperationalError from sqlalchemy.exc import OperationalError
from sqlalchemy.orm import sessionmaker
from storage.auth_tokens import AuthTokens from storage.auth_tokens import AuthTokens
from storage.database import a_session_maker from storage.database import a_session_maker
@@ -27,7 +26,6 @@ LOCK_TIMEOUT_SECONDS = 5
class AuthTokenStore: class AuthTokenStore:
keycloak_user_id: str keycloak_user_id: str
idp: ProviderType idp: ProviderType
a_session_maker: sessionmaker
@property @property
def identity_provider_value(self) -> str: def identity_provider_value(self) -> str:
@@ -73,7 +71,7 @@ class AuthTokenStore:
access_token_expires_at: Expiration time for access token (seconds since epoch) access_token_expires_at: Expiration time for access token (seconds since epoch)
refresh_token_expires_at: Expiration time for refresh token (seconds since epoch) refresh_token_expires_at: Expiration time for refresh token (seconds since epoch)
""" """
async with self.a_session_maker() as session: async with a_session_maker() as session:
async with session.begin(): # Explicitly start a transaction async with session.begin(): # Explicitly start a transaction
result = await session.execute( result = await session.execute(
select(AuthTokens).where( select(AuthTokens).where(
@@ -138,7 +136,7 @@ class AuthTokenStore:
a 401 response to prompt the user to re-authenticate. a 401 response to prompt the user to re-authenticate.
""" """
# FAST PATH: Check without lock first to avoid unnecessary lock contention # FAST PATH: Check without lock first to avoid unnecessary lock contention
async with self.a_session_maker() as session: async with a_session_maker() as session:
result = await session.execute( result = await session.execute(
select(AuthTokens).filter( select(AuthTokens).filter(
AuthTokens.keycloak_user_id == self.keycloak_user_id, AuthTokens.keycloak_user_id == self.keycloak_user_id,
@@ -167,7 +165,7 @@ class AuthTokenStore:
# SLOW PATH: Token needs refresh, acquire lock # SLOW PATH: Token needs refresh, acquire lock
try: try:
async with self.a_session_maker() as session: async with a_session_maker() as session:
async with session.begin(): async with session.begin():
# Set a lock timeout to prevent indefinite blocking # Set a lock timeout to prevent indefinite blocking
# This ensures we don't hold connections forever if something goes wrong # This ensures we don't hold connections forever if something goes wrong
@@ -300,6 +298,4 @@ class AuthTokenStore:
logger.debug(f'auth_token_store.get_instance::{keycloak_user_id}') logger.debug(f'auth_token_store.get_instance::{keycloak_user_id}')
if keycloak_user_id: if keycloak_user_id:
keycloak_user_id = str(keycloak_user_id) keycloak_user_id = str(keycloak_user_id)
return AuthTokenStore( return AuthTokenStore(keycloak_user_id=keycloak_user_id, idp=idp)
keycloak_user_id=keycloak_user_id, idp=idp, a_session_maker=a_session_maker
)

14
enterprise/storage/blocked_email_domain_store.py
View File

@@ -1,14 +1,12 @@
from dataclasses import dataclass from dataclasses import dataclass
from sqlalchemy import text from sqlalchemy import text
from sqlalchemy.orm import sessionmaker from storage.database import a_session_maker
@dataclass @dataclass
class BlockedEmailDomainStore: class BlockedEmailDomainStore:
session_maker: sessionmaker async def is_domain_blocked(self, domain: str) -> bool:
def is_domain_blocked(self, domain: str) -> bool:
"""Check if a domain is blocked by querying the database directly. """Check if a domain is blocked by querying the database directly.
This method uses SQL to efficiently check if the domain matches any blocked pattern: This method uses SQL to efficiently check if the domain matches any blocked pattern:
@@ -21,9 +19,9 @@ class BlockedEmailDomainStore:
Returns: Returns:
True if the domain is blocked, False otherwise True if the domain is blocked, False otherwise
""" """
with self.session_maker() as session: async with a_session_maker() as session:
# SQL query that handles both TLD patterns and full domain patterns # SQL query that handles both TLD patterns and full domain patterns
# TLD patterns (starting with '.'): check if domain ends with the pattern # TLD patterns (starting with '.'): check if domain ends with it (case-insensitive)
# Full domain patterns: check for exact match or subdomain match # Full domain patterns: check for exact match or subdomain match
# All comparisons are case-insensitive using LOWER() to ensure consistent matching # All comparisons are case-insensitive using LOWER() to ensure consistent matching
query = text(""" query = text("""
@@ -41,5 +39,5 @@ class BlockedEmailDomainStore:
)) ))
) )
""") """)
result = session.execute(query, {'domain': domain}).scalar() result = await session.execute(query, {'domain': domain})
return bool(result) return bool(result.scalar())

21
enterprise/storage/gitlab_webhook_store.py
View File

@@ -5,7 +5,6 @@ from dataclasses import dataclass
from integrations.types import GitLabResourceType from integrations.types import GitLabResourceType
from sqlalchemy import and_, asc, select, text, update from sqlalchemy import and_, asc, select, text, update
from sqlalchemy.dialects.postgresql import insert from sqlalchemy.dialects.postgresql import insert
from sqlalchemy.orm import sessionmaker
from storage.database import a_session_maker from storage.database import a_session_maker
from storage.gitlab_webhook import GitlabWebhook from storage.gitlab_webhook import GitlabWebhook
@@ -14,8 +13,6 @@ from openhands.core.logger import openhands_logger as logger
@dataclass @dataclass
class GitlabWebhookStore: class GitlabWebhookStore:
a_session_maker: sessionmaker = a_session_maker
@staticmethod @staticmethod
def determine_resource_type( def determine_resource_type(
webhook: GitlabWebhook, webhook: GitlabWebhook,
@@ -44,7 +41,7 @@ class GitlabWebhookStore:
if not project_details: if not project_details:
return return
async with self.a_session_maker() as session: async with a_session_maker() as session:
async with session.begin(): async with session.begin():
# Convert GitlabWebhook objects to dictionaries for the insert # Convert GitlabWebhook objects to dictionaries for the insert
# Using __dict__ and filtering out SQLAlchemy internal attributes and 'id' # Using __dict__ and filtering out SQLAlchemy internal attributes and 'id'
@@ -88,7 +85,7 @@ class GitlabWebhookStore:
""" """
resource_type, resource_id = GitlabWebhookStore.determine_resource_type(webhook) resource_type, resource_id = GitlabWebhookStore.determine_resource_type(webhook)
async with self.a_session_maker() as session: async with a_session_maker() as session:
async with session.begin(): async with session.begin():
stmt = ( stmt = (
update(GitlabWebhook).where(GitlabWebhook.project_id == resource_id) update(GitlabWebhook).where(GitlabWebhook.project_id == resource_id)
@@ -122,7 +119,7 @@ class GitlabWebhookStore:
}, },
) )
async with self.a_session_maker() as session: async with a_session_maker() as session:
async with session.begin(): async with session.begin():
# Create query based on the identifier provided # Create query based on the identifier provided
if resource_type == GitLabResourceType.PROJECT: if resource_type == GitLabResourceType.PROJECT:
@@ -185,7 +182,7 @@ class GitlabWebhookStore:
List of GitlabWebhook objects that need processing List of GitlabWebhook objects that need processing
""" """
async with self.a_session_maker() as session: async with a_session_maker() as session:
query = ( query = (
select(GitlabWebhook) select(GitlabWebhook)
.where(GitlabWebhook.webhook_exists.is_(False)) .where(GitlabWebhook.webhook_exists.is_(False))
@@ -201,7 +198,7 @@ class GitlabWebhookStore:
""" """
Get's webhook secret given the webhook uuid and admin keycloak user id Get's webhook secret given the webhook uuid and admin keycloak user id
""" """
async with self.a_session_maker() as session: async with a_session_maker() as session:
query = ( query = (
select(GitlabWebhook) select(GitlabWebhook)
.where( .where(
@@ -235,7 +232,7 @@ class GitlabWebhookStore:
Returns: Returns:
GitlabWebhook object if found, None otherwise GitlabWebhook object if found, None otherwise
""" """
async with self.a_session_maker() as session: async with a_session_maker() as session:
if resource_type == GitLabResourceType.PROJECT: if resource_type == GitLabResourceType.PROJECT:
query = select(GitlabWebhook).where( query = select(GitlabWebhook).where(
GitlabWebhook.project_id == resource_id GitlabWebhook.project_id == resource_id
@@ -263,7 +260,7 @@ class GitlabWebhookStore:
Returns: Returns:
Tuple of (project_webhook_map, group_webhook_map) Tuple of (project_webhook_map, group_webhook_map)
""" """
async with self.a_session_maker() as session: async with a_session_maker() as session:
project_webhook_map = {} project_webhook_map = {}
group_webhook_map = {} group_webhook_map = {}
@@ -303,7 +300,7 @@ class GitlabWebhookStore:
Returns: Returns:
True if webhook was reset, False if not found True if webhook was reset, False if not found
""" """
async with self.a_session_maker() as session: async with a_session_maker() as session:
async with session.begin(): async with session.begin():
if resource_type == GitLabResourceType.PROJECT: if resource_type == GitLabResourceType.PROJECT:
update_statement = ( update_statement = (
@@ -348,4 +345,4 @@ class GitlabWebhookStore:
Returns: Returns:
An instance of GitlabWebhookStore An instance of GitlabWebhookStore
""" """
return GitlabWebhookStore(a_session_maker) return GitlabWebhookStore()

31
enterprise/storage/offline_token_store.py
View File

@@ -2,8 +2,8 @@ from __future__ import annotations
from dataclasses import dataclass from dataclasses import dataclass
from sqlalchemy.orm import sessionmaker from sqlalchemy import select
from storage.database import session_maker from storage.database import a_session_maker
from storage.stored_offline_token import StoredOfflineToken from storage.stored_offline_token import StoredOfflineToken
from openhands.core.config.openhands_config import OpenHandsConfig from openhands.core.config.openhands_config import OpenHandsConfig
@@ -13,17 +13,17 @@ from openhands.core.logger import openhands_logger as logger
@dataclass @dataclass
class OfflineTokenStore: class OfflineTokenStore:
user_id: str user_id: str
session_maker: sessionmaker
config: OpenHandsConfig config: OpenHandsConfig
async def store_token(self, offline_token: str) -> None: async def store_token(self, offline_token: str) -> None:
"""Store an offline token in the database.""" """Store an offline token in the database."""
with self.session_maker() as session: async with a_session_maker() as session:
token_record = ( result = await session.execute(
session.query(StoredOfflineToken) select(StoredOfflineToken).where(
.filter(StoredOfflineToken.user_id == self.user_id) StoredOfflineToken.user_id == self.user_id
.first()
) )
)
token_record = result.scalar_one_or_none()
if token_record: if token_record:
token_record.offline_token = offline_token token_record.offline_token = offline_token
@@ -32,16 +32,17 @@ class OfflineTokenStore:
user_id=self.user_id, offline_token=offline_token user_id=self.user_id, offline_token=offline_token
) )
session.add(token_record) session.add(token_record)
session.commit() await session.commit()
async def load_token(self) -> str | None: async def load_token(self) -> str | None:
"""Load an offline token from the database.""" """Load an offline token from the database."""
with self.session_maker() as session: async with a_session_maker() as session:
token_record = ( result = await session.execute(
session.query(StoredOfflineToken) select(StoredOfflineToken).where(
.filter(StoredOfflineToken.user_id == self.user_id) StoredOfflineToken.user_id == self.user_id
.first()
) )
)
token_record = result.scalar_one_or_none()
if not token_record: if not token_record:
return None return None
@@ -56,4 +57,4 @@ class OfflineTokenStore:
logger.debug(f'offline_token_store.get_instance::{user_id}') logger.debug(f'offline_token_store.get_instance::{user_id}')
if user_id: if user_id:
user_id = str(user_id) user_id = str(user_id)
return OfflineTokenStore(user_id, session_maker, config) return OfflineTokenStore(user_id, config)

13
enterprise/storage/proactive_conversation_store.py
View File

@@ -10,7 +10,6 @@ from integrations.github.github_types import (
WorkflowRunStatus, WorkflowRunStatus,
) )
from sqlalchemy import and_, delete, select, update from sqlalchemy import and_, delete, select, update
from sqlalchemy.orm import sessionmaker
from storage.database import a_session_maker from storage.database import a_session_maker
from storage.proactive_convos import ProactiveConversation from storage.proactive_convos import ProactiveConversation
@@ -20,8 +19,6 @@ from openhands.integrations.service_types import ProviderType
@dataclass @dataclass
class ProactiveConversationStore: class ProactiveConversationStore:
a_session_maker: sessionmaker = a_session_maker
def get_repo_id(self, provider: ProviderType, repo_id): def get_repo_id(self, provider: ProviderType, repo_id):
return f'{provider.value}##{repo_id}' return f'{provider.value}##{repo_id}'
@@ -51,7 +48,7 @@ class ProactiveConversationStore:
final_workflow_group = None final_workflow_group = None
async with self.a_session_maker() as session: async with a_session_maker() as session:
# Start an explicit transaction with row-level locking # Start an explicit transaction with row-level locking
async with session.begin(): async with session.begin():
# Get the existing proactive conversation entry with FOR UPDATE lock # Get the existing proactive conversation entry with FOR UPDATE lock
@@ -142,7 +139,7 @@ class ProactiveConversationStore:
# Calculate the cutoff time (current time - older_than_minutes) # Calculate the cutoff time (current time - older_than_minutes)
cutoff_time = datetime.now(UTC) - timedelta(minutes=older_than_minutes) cutoff_time = datetime.now(UTC) - timedelta(minutes=older_than_minutes)
async with self.a_session_maker() as session: async with a_session_maker() as session:
async with session.begin(): async with session.begin():
# Delete records older than the cutoff time # Delete records older than the cutoff time
delete_stmt = delete(ProactiveConversation).where( delete_stmt = delete(ProactiveConversation).where(
@@ -158,9 +155,9 @@ class ProactiveConversationStore:
@classmethod @classmethod
async def get_instance(cls) -> ProactiveConversationStore: async def get_instance(cls) -> ProactiveConversationStore:
"""Get an instance of the GitlabWebhookStore. """Get an instance of the ProactiveConversationStore.
Returns: Returns:
An instance of GitlabWebhookStore An instance of ProactiveConversationStore
""" """
return ProactiveConversationStore(a_session_maker) return ProactiveConversationStore()

23
enterprise/storage/repository_store.py
View File

@@ -2,8 +2,8 @@ from __future__ import annotations
from dataclasses import dataclass from dataclasses import dataclass
from sqlalchemy.orm import sessionmaker from sqlalchemy import select
from storage.database import session_maker from storage.database import a_session_maker
from storage.stored_repository import StoredRepository from storage.stored_repository import StoredRepository
from openhands.core.config.openhands_config import OpenHandsConfig from openhands.core.config.openhands_config import OpenHandsConfig
@@ -11,12 +11,11 @@ from openhands.core.config.openhands_config import OpenHandsConfig
@dataclass @dataclass
class RepositoryStore: class RepositoryStore:
session_maker: sessionmaker
config: OpenHandsConfig config: OpenHandsConfig
def store_projects(self, repositories: list[StoredRepository]) -> None: async def store_projects(self, repositories: list[StoredRepository]) -> None:
""" """
Store repositories in database Store repositories in database (async version)
1. Make sure to store repositories if its ID doesn't exist 1. Make sure to store repositories if its ID doesn't exist
2. If repository ID already exists, make sure to only update the repo is_public and repo_name fields 2. If repository ID already exists, make sure to only update the repo is_public and repo_name fields
@@ -26,17 +25,15 @@ class RepositoryStore:
if not repositories: if not repositories:
return return
with self.session_maker() as session: async with a_session_maker() as session:
# Extract all repo_ids to check # Extract all repo_ids to check
repo_ids = [r.repo_id for r in repositories] repo_ids = [r.repo_id for r in repositories]
# Get all existing repositories in a single query # Get all existing repositories in a single query
existing_repos = { result = await session.execute(
r.repo_id: r select(StoredRepository).filter(StoredRepository.repo_id.in_(repo_ids))
for r in session.query(StoredRepository).filter(
StoredRepository.repo_id.in_(repo_ids)
) )
} existing_repos = {r.repo_id: r for r in result.scalars().all()}
# Process all repositories # Process all repositories
for repo in repositories: for repo in repositories:
@@ -50,9 +47,9 @@ class RepositoryStore:
session.add(repo) session.add(repo)
# Commit all changes # Commit all changes
session.commit() await session.commit()
@classmethod @classmethod
def get_instance(cls, config: OpenHandsConfig) -> RepositoryStore: def get_instance(cls, config: OpenHandsConfig) -> RepositoryStore:
"""Get an instance of the UserRepositoryStore.""" """Get an instance of the UserRepositoryStore."""
return RepositoryStore(session_maker, config) return RepositoryStore(config)

2
enterprise/storage/saas_conversation_validator.py
View File

@@ -28,7 +28,7 @@ class SaasConversationValidator(ConversationValidator):
# Validate the API key and get the user_id # Validate the API key and get the user_id
api_key_store = ApiKeyStore.get_instance() api_key_store = ApiKeyStore.get_instance()
user_id = api_key_store.validate_api_key(api_key) user_id = await api_key_store.validate_api_key(api_key)
if not user_id: if not user_id:
logger.warning('Invalid API key') logger.warning('Invalid API key')

25
enterprise/storage/saas_secrets_store.py
View File

@@ -5,8 +5,8 @@ from base64 import b64decode, b64encode
from dataclasses import dataclass from dataclasses import dataclass
from cryptography.fernet import Fernet from cryptography.fernet import Fernet
from sqlalchemy.orm import sessionmaker from sqlalchemy import delete, select
from storage.database import session_maker from storage.database import a_session_maker
from storage.stored_custom_secrets import StoredCustomSecrets from storage.stored_custom_secrets import StoredCustomSecrets
from storage.user_store import UserStore from storage.user_store import UserStore
@@ -19,7 +19,6 @@ from openhands.storage.secrets.secrets_store import SecretsStore
@dataclass @dataclass
class SaasSecretsStore(SecretsStore): class SaasSecretsStore(SecretsStore):
user_id: str user_id: str
session_maker: sessionmaker
config: OpenHandsConfig config: OpenHandsConfig
async def load(self) -> Secrets | None: async def load(self) -> Secrets | None:
@@ -28,14 +27,15 @@ class SaasSecretsStore(SecretsStore):
user = await UserStore.get_user_by_id_async(self.user_id) user = await UserStore.get_user_by_id_async(self.user_id)
org_id = user.current_org_id if user else None org_id = user.current_org_id if user else None
with self.session_maker() as session: async with a_session_maker() as session:
# Fetch all secrets for the given user ID # Fetch all secrets for the given user ID
query = session.query(StoredCustomSecrets).filter( query = select(StoredCustomSecrets).filter(
StoredCustomSecrets.keycloak_user_id == self.user_id StoredCustomSecrets.keycloak_user_id == self.user_id
) )
if org_id is not None: if org_id is not None:
query = query.filter(StoredCustomSecrets.org_id == org_id) query = query.filter(StoredCustomSecrets.org_id == org_id)
settings = query.all() result = await session.execute(query)
settings = result.scalars().all()
if not settings: if not settings:
return Secrets() return Secrets()
@@ -54,12 +54,15 @@ class SaasSecretsStore(SecretsStore):
async def store(self, item: Secrets): async def store(self, item: Secrets):
user = await UserStore.get_user_by_id_async(self.user_id) user = await UserStore.get_user_by_id_async(self.user_id)
org_id = user.current_org_id org_id = user.current_org_id
with self.session_maker() as session:
async with a_session_maker() as session:
# Incoming secrets are always the most updated ones # Incoming secrets are always the most updated ones
# Delete all existing records and override with incoming ones # Delete all existing records and override with incoming ones
session.query(StoredCustomSecrets).filter( await session.execute(
delete(StoredCustomSecrets).filter(
StoredCustomSecrets.keycloak_user_id == self.user_id StoredCustomSecrets.keycloak_user_id == self.user_id
).delete() )
)
# Prepare the new secrets data # Prepare the new secrets data
kwargs = item.model_dump(context={'expose_secrets': True}) kwargs = item.model_dump(context={'expose_secrets': True})
@@ -89,7 +92,7 @@ class SaasSecretsStore(SecretsStore):
) )
session.add(new_secret) session.add(new_secret)
session.commit() await session.commit()
def _decrypt_kwargs(self, kwargs: dict): def _decrypt_kwargs(self, kwargs: dict):
fernet = self._fernet() fernet = self._fernet()
@@ -133,4 +136,4 @@ class SaasSecretsStore(SecretsStore):
if not user_id: if not user_id:
raise Exception('SaasSecretsStore cannot be constructed with no user_id') raise Exception('SaasSecretsStore cannot be constructed with no user_id')
logger.debug(f'saas_secrets_store.get_instance::{user_id}') logger.debug(f'saas_secrets_store.get_instance::{user_id}')
return SaasSecretsStore(user_id, session_maker, config) return SaasSecretsStore(user_id, config)

62
enterprise/storage/saas_settings_store.py
View File

@@ -10,8 +10,9 @@ from cryptography.fernet import Fernet
from pydantic import SecretStr from pydantic import SecretStr
from server.constants import LITE_LLM_API_URL from server.constants import LITE_LLM_API_URL
from server.logger import logger from server.logger import logger
from sqlalchemy.orm import joinedload, sessionmaker from sqlalchemy import select
from storage.database import session_maker from sqlalchemy.orm import joinedload
from storage.database import a_session_maker
from storage.lite_llm_manager import LiteLlmManager, get_openhands_cloud_key_alias from storage.lite_llm_manager import LiteLlmManager, get_openhands_cloud_key_alias
from storage.org import Org from storage.org import Org
from storage.org_member import OrgMember from storage.org_member import OrgMember
@@ -23,26 +24,24 @@ from storage.user_store import UserStore
from openhands.core.config.openhands_config import OpenHandsConfig from openhands.core.config.openhands_config import OpenHandsConfig
from openhands.server.settings import Settings from openhands.server.settings import Settings
from openhands.storage.settings.settings_store import SettingsStore from openhands.storage.settings.settings_store import SettingsStore
from openhands.utils.async_utils import call_sync_from_async
from openhands.utils.llm import is_openhands_model from openhands.utils.llm import is_openhands_model
@dataclass @dataclass
class SaasSettingsStore(SettingsStore): class SaasSettingsStore(SettingsStore):
user_id: str user_id: str
session_maker: sessionmaker
config: OpenHandsConfig config: OpenHandsConfig
ENCRYPT_VALUES = ['llm_api_key', 'llm_api_key_for_byor', 'search_api_key'] ENCRYPT_VALUES = ['llm_api_key', 'llm_api_key_for_byor', 'search_api_key']
def _get_user_settings_by_keycloak_id( async def _get_user_settings_by_keycloak_id_async(
self, keycloak_user_id: str, session=None self, keycloak_user_id: str, session=None
) -> UserSettings | None: ) -> UserSettings | None:
""" """
Get UserSettings by keycloak_user_id. Get UserSettings by keycloak_user_id (async version).
Args: Args:
keycloak_user_id: The keycloak user ID to search for keycloak_user_id: The keycloak user ID to search for
session: Optional existing database session. If not provided, creates a new one. session: Optional existing async database session. If not provided, creates a new one.
Returns: Returns:
UserSettings object if found, None otherwise UserSettings object if found, None otherwise
@@ -50,27 +49,26 @@ class SaasSettingsStore(SettingsStore):
if not keycloak_user_id: if not keycloak_user_id:
return None return None
def _get_settings():
if session: if session:
# Use provided session # Use provided session
return ( result = await session.execute(
session.query(UserSettings) select(UserSettings).filter(
.filter(UserSettings.keycloak_user_id == keycloak_user_id) UserSettings.keycloak_user_id == keycloak_user_id
.first()
) )
)
return result.scalars().first()
else: else:
# Create new session # Create new session
with self.session_maker() as new_session: async with a_session_maker() as new_session:
return ( result = await new_session.execute(
new_session.query(UserSettings) select(UserSettings).filter(
.filter(UserSettings.keycloak_user_id == keycloak_user_id) UserSettings.keycloak_user_id == keycloak_user_id
.first()
) )
)
return _get_settings() return result.scalars().first()
async def load(self) -> Settings | None: async def load(self) -> Settings | None:
user = await call_sync_from_async(UserStore.get_user_by_id, self.user_id) user = await UserStore.get_user_by_id_async(self.user_id)
if not user: if not user:
logger.error(f'User not found for ID {self.user_id}') logger.error(f'User not found for ID {self.user_id}')
return None return None
@@ -83,7 +81,7 @@ class SaasSettingsStore(SettingsStore):
break break
if not org_member or not org_member.llm_api_key: if not org_member or not org_member.llm_api_key:
return None return None
org = OrgStore.get_org_by_id(org_id) org = await OrgStore.get_org_by_id_async(org_id)
if not org: if not org:
logger.error( logger.error(
f'Org not found for ID {org_id} as the current org for user {self.user_id}' f'Org not found for ID {org_id} as the current org for user {self.user_id}'
@@ -122,21 +120,22 @@ class SaasSettingsStore(SettingsStore):
return settings return settings
async def store(self, item: Settings): async def store(self, item: Settings):
with self.session_maker() as session: async with a_session_maker() as session:
if not item: if not item:
return None return None
user = ( result = await session.execute(
session.query(User) select(User)
.options(joinedload(User.org_members)) .options(joinedload(User.org_members))
.filter(User.id == uuid.UUID(self.user_id)) .filter(User.id == uuid.UUID(self.user_id))
).first() )
user = result.scalars().first()
if not user: if not user:
# Check if we need to migrate from user_settings # Check if we need to migrate from user_settings
user_settings = None user_settings = None
with session_maker() as session: async with a_session_maker() as new_session:
user_settings = self._get_user_settings_by_keycloak_id( user_settings = await self._get_user_settings_by_keycloak_id_async(
self.user_id, session self.user_id, new_session
) )
if user_settings: if user_settings:
user = await UserStore.migrate_user(self.user_id, user_settings) user = await UserStore.migrate_user(self.user_id, user_settings)
@@ -154,7 +153,8 @@ class SaasSettingsStore(SettingsStore):
if not org_member or not org_member.llm_api_key: if not org_member or not org_member.llm_api_key:
return None return None
org: Org = session.query(Org).filter(Org.id == org_id).first() result = await session.execute(select(Org).filter(Org.id == org_id))
org = result.scalars().first()
if not org: if not org:
logger.error( logger.error(
f'Org not found for ID {org_id} as the current org for user {self.user_id}' f'Org not found for ID {org_id} as the current org for user {self.user_id}'
@@ -173,7 +173,7 @@ class SaasSettingsStore(SettingsStore):
if hasattr(model, key): if hasattr(model, key):
setattr(model, key, value) setattr(model, key, value)
session.commit() await session.commit()
@classmethod @classmethod
async def get_instance( async def get_instance(
@@ -182,7 +182,7 @@ class SaasSettingsStore(SettingsStore):
user_id: str, # type: ignore[override] user_id: str, # type: ignore[override]
) -> SaasSettingsStore: ) -> SaasSettingsStore:
logger.debug(f'saas_settings_store.get_instance::{user_id}') logger.debug(f'saas_settings_store.get_instance::{user_id}')
return SaasSettingsStore(user_id, session_maker, config) return SaasSettingsStore(user_id, config)
def _should_encrypt(self, key): def _should_encrypt(self, key):
return key in self.ENCRYPT_VALUES return key in self.ENCRYPT_VALUES

23
enterprise/storage/user_repo_map_store.py
View File

@@ -3,8 +3,8 @@ from __future__ import annotations
from dataclasses import dataclass from dataclasses import dataclass
import sqlalchemy import sqlalchemy
from sqlalchemy.orm import sessionmaker from sqlalchemy import select
from storage.database import session_maker from storage.database import a_session_maker
from storage.user_repo_map import UserRepositoryMap from storage.user_repo_map import UserRepositoryMap
from openhands.core.config.openhands_config import OpenHandsConfig from openhands.core.config.openhands_config import OpenHandsConfig
@@ -12,12 +12,11 @@ from openhands.core.config.openhands_config import OpenHandsConfig
@dataclass @dataclass
class UserRepositoryMapStore: class UserRepositoryMapStore:
session_maker: sessionmaker
config: OpenHandsConfig config: OpenHandsConfig
def store_user_repo_mappings(self, mappings: list[UserRepositoryMap]) -> None: async def store_user_repo_mappings(self, mappings: list[UserRepositoryMap]) -> None:
""" """
Store user-repository mappings in database Store user-repository mappings in database (async version)
1. Make sure to store mappings if they don't exist 1. Make sure to store mappings if they don't exist
2. If a mapping already exists (same user_id and repo_id), update the admin field 2. If a mapping already exists (same user_id and repo_id), update the admin field
@@ -30,18 +29,20 @@ class UserRepositoryMapStore:
if not mappings: if not mappings:
return return
with self.session_maker() as session: async with a_session_maker() as session:
# Extract all user_id/repo_id pairs to check # Extract all user_id/repo_id pairs to check
mapping_keys = [(m.user_id, m.repo_id) for m in mappings] mapping_keys = [(m.user_id, m.repo_id) for m in mappings]
# Get all existing mappings in a single query # Get all existing mappings in a single query
existing_mappings = { result = await session.execute(
(m.user_id, m.repo_id): m select(UserRepositoryMap).filter(
for m in session.query(UserRepositoryMap).filter(
sqlalchemy.tuple_( sqlalchemy.tuple_(
UserRepositoryMap.user_id, UserRepositoryMap.repo_id UserRepositoryMap.user_id, UserRepositoryMap.repo_id
).in_(mapping_keys) ).in_(mapping_keys)
) )
)
existing_mappings = {
(m.user_id, m.repo_id): m for m in result.scalars().all()
} }
# Process all mappings # Process all mappings
@@ -56,9 +57,9 @@ class UserRepositoryMapStore:
session.add(mapping) session.add(mapping)
# Commit all changes # Commit all changes
session.commit() await session.commit()
@classmethod @classmethod
def get_instance(cls, config: OpenHandsConfig) -> UserRepositoryMapStore: def get_instance(cls, config: OpenHandsConfig) -> UserRepositoryMapStore:
"""Get an instance of the UserRepositoryMapStore.""" """Get an instance of the UserRepositoryMapStore."""
return UserRepositoryMapStore(session_maker, config) return UserRepositoryMapStore(config)

51
enterprise/tests/unit/conftest.py
View File

@@ -8,10 +8,16 @@ from server.verified_models.verified_model_service import (
StoredVerifiedModel, # noqa: F401 StoredVerifiedModel, # noqa: F401
) )
from sqlalchemy import create_engine from sqlalchemy import create_engine
from sqlalchemy.ext.asyncio import (
AsyncSession,
async_sessionmaker,
create_async_engine,
)
from sqlalchemy.orm import sessionmaker from sqlalchemy.orm import sessionmaker
from storage.base import Base
# Anything not loaded here may not have a table created for it. # Anything not loaded here may not have a table created for it.
from storage.api_key import ApiKey # noqa: F401
from storage.base import Base
from storage.billing_session import BillingSession from storage.billing_session import BillingSession
from storage.conversation_work import ConversationWork from storage.conversation_work import ConversationWork
from storage.device_code import DeviceCode # noqa: F401 from storage.device_code import DeviceCode # noqa: F401
@@ -30,9 +36,18 @@ from storage.stripe_customer import StripeCustomer
from storage.user import User from storage.user import User
@pytest.fixture(scope='function')
def db_path(tmp_path):
"""Create a unique temp file path for each test."""
return str(tmp_path / 'test.db')
@pytest.fixture @pytest.fixture
def engine(): def engine(db_path):
engine = create_engine('sqlite:///:memory:') """Create a sync engine with tables using file-based DB."""
engine = create_engine(
f'sqlite:///{db_path}', connect_args={'check_same_thread': False}
)
Base.metadata.create_all(engine) Base.metadata.create_all(engine)
return engine return engine
@@ -42,6 +57,36 @@ def session_maker(engine):
return sessionmaker(bind=engine) return sessionmaker(bind=engine)
@pytest.fixture
def async_engine(db_path):
"""Create an async engine using the SAME file-based database."""
async_engine = create_async_engine(
f'sqlite+aiosqlite:///{db_path}',
connect_args={'check_same_thread': False},
)
async def create_tables():
async with async_engine.begin() as conn:
await conn.run_sync(Base.metadata.create_all)
# Run the async function synchronously
import asyncio
asyncio.run(create_tables())
return async_engine
@pytest.fixture
async def async_session_maker(async_engine):
"""Create an async session maker bound to the async engine."""
async_session_maker = async_sessionmaker(
bind=async_engine,
class_=AsyncSession,
expire_on_commit=False,
)
return async_session_maker
def add_minimal_fixtures(session_maker): def add_minimal_fixtures(session_maker):
with session_maker() as session: with session_maker() as session:
session.add( session.add(

6
enterprise/tests/unit/server/routes/test_oauth_device.py
View File

@@ -145,9 +145,11 @@ class TestDeviceToken:
mock_store.get_by_device_code.return_value = mock_device mock_store.get_by_device_code.return_value = mock_device
mock_store.update_poll_time.return_value = True mock_store.update_poll_time.return_value = True
# Mock API key retrieval # Mock API key retrieval - use AsyncMock for async method
mock_api_key_store = MagicMock() mock_api_key_store = MagicMock()
mock_api_key_store.retrieve_api_key_by_name.return_value = 'test-api-key' mock_api_key_store.retrieve_api_key_by_name = AsyncMock(
return_value='test-api-key'
)
mock_api_key_class.get_instance.return_value = mock_api_key_store mock_api_key_class.get_instance.return_value = mock_api_key_store
result = await device_token(device_code=device_code) result = await device_token(device_code=device_code)

20
enterprise/tests/unit/server/routes/test_orgs.py
View File

@@ -11,13 +11,8 @@ import httpx
import pytest import pytest
from fastapi import FastAPI, HTTPException, Request, status from fastapi import FastAPI, HTTPException, Request, status
from fastapi.testclient import TestClient from fastapi.testclient import TestClient
from server.email_validation import get_admin_user_id
# Mock database before imports from server.routes.org_models import (
with patch('storage.database.engine', create=True), patch(
'storage.database.a_engine', create=True
):
from server.email_validation import get_admin_user_id
from server.routes.org_models import (
CannotModifySelfError, CannotModifySelfError,
InsufficientPermissionError, InsufficientPermissionError,
InvalidRoleError, InvalidRoleError,
@@ -36,18 +31,17 @@ with patch('storage.database.engine', create=True), patch(
OrgNotFoundError, OrgNotFoundError,
OrphanedUserError, OrphanedUserError,
RoleNotFoundError, RoleNotFoundError,
) )
from server.routes.orgs import ( from server.routes.orgs import (
get_me, get_me,
get_org_members, get_org_members,
org_router, org_router,
remove_org_member, remove_org_member,
update_org_member, update_org_member,
) )
from storage.org import Org from storage.org import Org
from openhands.server.user_auth import get_user_id
from openhands.server.user_auth import get_user_id
# Test user ID constant (must be a valid UUID string) # Test user ID constant (must be a valid UUID string)
TEST_USER_ID = str(uuid.uuid4()) TEST_USER_ID = str(uuid.uuid4())

653
enterprise/tests/unit/storage/test_auth_token_store.py
View File

@@ -1,127 +1,127 @@
"""Unit tests for AuthTokenStore.""" """Unit tests for AuthTokenStore using SQLite in-memory database."""
import time import time
from contextlib import asynccontextmanager from unittest.mock import patch
from typing import Dict
from unittest.mock import AsyncMock, MagicMock, patch
import pytest import pytest
from server.auth.auth_error import TokenRefreshError from sqlalchemy import select
from sqlalchemy.exc import OperationalError from sqlalchemy.ext.asyncio import AsyncSession, async_sessionmaker, create_async_engine
from sqlalchemy.pool import StaticPool
from storage.auth_token_store import ( from storage.auth_token_store import (
ACCESS_TOKEN_EXPIRY_BUFFER, ACCESS_TOKEN_EXPIRY_BUFFER,
LOCK_TIMEOUT_SECONDS, LOCK_TIMEOUT_SECONDS,
AuthTokenStore, AuthTokenStore,
) )
from storage.auth_tokens import AuthTokens
from storage.base import Base
from openhands.integrations.service_types import ProviderType from openhands.integrations.service_types import ProviderType
def create_mock_session():
"""Create a mock async session with properly configured context managers."""
session = AsyncMock()
# Create async context manager for begin()
@asynccontextmanager
async def begin_context():
yield
session.begin = begin_context
return session
def create_mock_session_maker(mock_session):
"""Create a mock async session maker."""
@asynccontextmanager
async def session_context():
yield mock_session
# Return a callable that returns the context manager
return lambda: session_context()
@pytest.fixture @pytest.fixture
def mock_session(): async def async_engine():
"""Create mock async session.""" """Create an async SQLite engine for testing."""
return create_mock_session() engine = create_async_engine(
'sqlite+aiosqlite:///:memory:',
poolclass=StaticPool,
@pytest.fixture connect_args={'check_same_thread': False},
def mock_session_maker(mock_session):
"""Create mock async session maker."""
return create_mock_session_maker(mock_session)
@pytest.fixture
def auth_token_store(mock_session_maker):
"""Create AuthTokenStore instance with mocked session maker."""
return AuthTokenStore(
keycloak_user_id='test-user-123',
idp=ProviderType.GITHUB,
a_session_maker=mock_session_maker,
) )
return engine
@pytest.fixture
async def async_session_maker(async_engine):
"""Create an async session maker bound to the async engine."""
async_session_maker = async_sessionmaker(
bind=async_engine,
class_=AsyncSession,
expire_on_commit=False,
)
# Create all tables
async with async_engine.begin() as conn:
await conn.run_sync(Base.metadata.create_all)
return async_session_maker
class TestIsTokenExpired: class TestIsTokenExpired:
"""Tests for _is_token_expired method.""" """Tests for _is_token_expired method."""
def test_both_tokens_valid(self, auth_token_store): def test_both_tokens_valid(self):
"""Test when both tokens are valid (not expired).""" """Test when both tokens are valid (not expired)."""
store = AuthTokenStore(
keycloak_user_id='test-user',
idp=ProviderType.GITHUB,
)
current_time = int(time.time()) current_time = int(time.time())
access_expires = current_time + ACCESS_TOKEN_EXPIRY_BUFFER + 1000 access_expires = current_time + ACCESS_TOKEN_EXPIRY_BUFFER + 1000
refresh_expires = current_time + 1000 refresh_expires = current_time + 1000
access_expired, refresh_expired = auth_token_store._is_token_expired( access_expired, refresh_expired = store._is_token_expired(
access_expires, refresh_expires access_expires, refresh_expires
) )
assert access_expired is False assert access_expired is False
assert refresh_expired is False assert refresh_expired is False
def test_access_token_expired(self, auth_token_store): def test_access_token_expired(self):
"""Test when access token is expired but within buffer.""" """Test when access token is expired but within buffer."""
store = AuthTokenStore(
keycloak_user_id='test-user',
idp=ProviderType.GITHUB,
)
current_time = int(time.time()) current_time = int(time.time())
# Access token expires within buffer period # Access token expires within buffer period
access_expires = current_time + ACCESS_TOKEN_EXPIRY_BUFFER - 100 access_expires = current_time + ACCESS_TOKEN_EXPIRY_BUFFER - 100
refresh_expires = current_time + 10000 refresh_expires = current_time + 10000
access_expired, refresh_expired = auth_token_store._is_token_expired( access_expired, refresh_expired = store._is_token_expired(
access_expires, refresh_expires access_expires, refresh_expires
) )
assert access_expired is True assert access_expired is True
assert refresh_expired is False assert refresh_expired is False
def test_refresh_token_expired(self, auth_token_store): def test_refresh_token_expired(self):
"""Test when refresh token is expired.""" """Test when refresh token is expired."""
store = AuthTokenStore(
keycloak_user_id='test-user',
idp=ProviderType.GITHUB,
)
current_time = int(time.time()) current_time = int(time.time())
access_expires = current_time + ACCESS_TOKEN_EXPIRY_BUFFER + 1000 access_expires = current_time + ACCESS_TOKEN_EXPIRY_BUFFER + 1000
refresh_expires = current_time - 100 # Already expired refresh_expires = current_time - 100 # Already expired
access_expired, refresh_expired = auth_token_store._is_token_expired( access_expired, refresh_expired = store._is_token_expired(
access_expires, refresh_expires access_expires, refresh_expires
) )
assert access_expired is False assert access_expired is False
assert refresh_expired is True assert refresh_expired is True
def test_both_tokens_expired(self, auth_token_store): def test_both_tokens_expired(self):
"""Test when both tokens are expired.""" """Test when both tokens are expired."""
store = AuthTokenStore(
keycloak_user_id='test-user',
idp=ProviderType.GITHUB,
)
current_time = int(time.time()) current_time = int(time.time())
access_expires = current_time - 100 access_expires = current_time - 100
refresh_expires = current_time - 100 refresh_expires = current_time - 100
access_expired, refresh_expired = auth_token_store._is_token_expired( access_expired, refresh_expired = store._is_token_expired(
access_expires, refresh_expires access_expires, refresh_expires
) )
assert access_expired is True assert access_expired is True
assert refresh_expired is True assert refresh_expired is True
def test_zero_expiration_treated_as_never_expires(self, auth_token_store): def test_zero_expiration_treated_as_never_expires(self):
"""Test that 0 expiration time is treated as never expires.""" """Test that 0 expiration time is treated as never expires."""
access_expired, refresh_expired = auth_token_store._is_token_expired(0, 0) store = AuthTokenStore(
keycloak_user_id='test-user',
idp=ProviderType.GITHUB,
)
access_expired, refresh_expired = store._is_token_expired(0, 0)
assert access_expired is False assert access_expired is False
assert refresh_expired is False assert refresh_expired is False
@@ -131,427 +131,188 @@ class TestLoadTokensFastPath:
"""Tests for load_tokens fast path (no lock needed).""" """Tests for load_tokens fast path (no lock needed)."""
@pytest.mark.asyncio @pytest.mark.asyncio
async def test_fast_path_token_not_found( async def test_fast_path_token_not_found(self, async_session_maker):
self, auth_token_store, mock_session_maker, mock_session
):
"""Test fast path returns None when no token record exists.""" """Test fast path returns None when no token record exists."""
mock_result = MagicMock() with patch('storage.auth_token_store.a_session_maker', async_session_maker):
mock_result.scalars.return_value.one_or_none.return_value = None store = AuthTokenStore(
mock_session.execute = AsyncMock(return_value=mock_result) keycloak_user_id='test-user-123',
idp=ProviderType.GITHUB,
)
result = await auth_token_store.load_tokens() result = await store.load_tokens()
assert result is None assert result is None
@pytest.mark.asyncio @pytest.mark.asyncio
async def test_fast_path_valid_token_no_refresh_needed( async def test_fast_path_valid_token_no_refresh_needed(self, async_session_maker):
self, auth_token_store, mock_session_maker, mock_session
):
"""Test fast path returns tokens when they are still valid.""" """Test fast path returns tokens when they are still valid."""
current_time = int(time.time()) current_time = int(time.time())
mock_token = MagicMock()
mock_token.access_token = 'valid-access-token' # First, store a valid token in the database
mock_token.refresh_token = 'valid-refresh-token' with patch('storage.auth_token_store.a_session_maker', async_session_maker):
mock_token.access_token_expires_at = ( store = AuthTokenStore(
current_time + ACCESS_TOKEN_EXPIRY_BUFFER + 1000 keycloak_user_id='test-user-123',
idp=ProviderType.GITHUB,
) )
mock_token.refresh_token_expires_at = current_time + 10000
mock_result = MagicMock() await store.store_tokens(
mock_result.scalars.return_value.one_or_none.return_value = mock_token access_token='valid-access-token',
mock_session.execute = AsyncMock(return_value=mock_result) refresh_token='valid-refresh-token',
access_token_expires_at=current_time
+ ACCESS_TOKEN_EXPIRY_BUFFER
+ 1000,
refresh_token_expires_at=current_time + 10000,
)
result = await auth_token_store.load_tokens() # Now load tokens - should return valid tokens without refresh
result = await store.load_tokens()
assert result is not None assert result is not None
assert result['access_token'] == 'valid-access-token' assert result['access_token'] == 'valid-access-token'
assert result['refresh_token'] == 'valid-refresh-token' assert result['refresh_token'] == 'valid-refresh-token'
@pytest.mark.asyncio @pytest.mark.asyncio
async def test_fast_path_no_refresh_callback_provided( async def test_fast_path_no_refresh_callback_provided(self, async_session_maker):
self, auth_token_store, mock_session_maker, mock_session
):
"""Test fast path returns existing tokens when no refresh callback is provided.""" """Test fast path returns existing tokens when no refresh callback is provided."""
current_time = int(time.time()) current_time = int(time.time())
mock_token = MagicMock()
mock_token.access_token = 'expired-access-token'
mock_token.refresh_token = 'valid-refresh-token'
# Expired access token
mock_token.access_token_expires_at = current_time - 100
mock_token.refresh_token_expires_at = current_time + 10000
mock_result = MagicMock() # Store expired access token
mock_result.scalars.return_value.one_or_none.return_value = mock_token with patch('storage.auth_token_store.a_session_maker', async_session_maker):
mock_session.execute = AsyncMock(return_value=mock_result) store = AuthTokenStore(
keycloak_user_id='test-user-123',
idp=ProviderType.GITHUB,
)
result = await auth_token_store.load_tokens(check_expiration_and_refresh=None) await store.store_tokens(
access_token='expired-access-token',
refresh_token='valid-refresh-token',
access_token_expires_at=current_time - 100, # Expired
refresh_token_expires_at=current_time + 10000,
)
# Load without refresh callback - should still return tokens
result = await store.load_tokens(check_expiration_and_refresh=None)
assert result is not None assert result is not None
assert result['access_token'] == 'expired-access-token' assert result['access_token'] == 'expired-access-token'
class TestLoadTokensSlowPath: class TestLoadTokensSlowPath:
"""Tests for load_tokens slow path (lock required for refresh).""" """Tests for load_tokens slow path (lock required for refresh).
Note: These tests require PostgreSQL's lock_timeout feature which is not
available in SQLite. The slow path tests are skipped when using SQLite.
"""
@pytest.mark.skip(reason='SQLite does not support PostgreSQL lock_timeout syntax')
@pytest.mark.asyncio @pytest.mark.asyncio
async def test_slow_path_successful_refresh(self): async def test_slow_path_successful_refresh(self, async_session_maker):
"""Test slow path successfully refreshes expired tokens.""" """Test slow path successfully refreshes expired tokens."""
current_time = int(time.time()) pass
mock_session = create_mock_session()
# First call (fast path) - returns expired token
# Second call (slow path) - returns same token for update
expired_token = MagicMock()
expired_token.id = 1
expired_token.access_token = 'expired-access-token'
expired_token.refresh_token = 'valid-refresh-token'
expired_token.access_token_expires_at = current_time - 100 # Expired
expired_token.refresh_token_expires_at = current_time + 10000
mock_result = MagicMock()
mock_result.scalars.return_value.one_or_none.return_value = expired_token
mock_session.execute = AsyncMock(return_value=mock_result)
mock_session.commit = AsyncMock()
mock_session_maker = create_mock_session_maker(mock_session)
auth_store = AuthTokenStore(
keycloak_user_id='test-user-123',
idp=ProviderType.GITHUB,
a_session_maker=mock_session_maker,
)
async def mock_refresh(
idp: ProviderType, refresh_token: str, access_exp: int, refresh_exp: int
) -> Dict[str, str | int]:
return {
'access_token': 'new-access-token',
'refresh_token': 'new-refresh-token',
'access_token_expires_at': current_time + 3600,
'refresh_token_expires_at': current_time + 86400,
}
result = await auth_store.load_tokens(check_expiration_and_refresh=mock_refresh)
assert result is not None
assert result['access_token'] == 'new-access-token'
assert result['refresh_token'] == 'new-refresh-token'
@pytest.mark.skip(reason='SQLite does not support PostgreSQL lock_timeout syntax')
@pytest.mark.asyncio @pytest.mark.asyncio
async def test_slow_path_double_check_avoids_refresh(self): async def test_refresh_callback_returns_none(self, async_session_maker):
"""Test double-check locking: token was refreshed by another request."""
current_time = int(time.time())
mock_session = create_mock_session()
# Simulate scenario:
# 1. Fast path sees expired token
# 2. While waiting for lock, another request refreshes
# 3. Slow path sees fresh token, skips refresh
call_count = [0]
def create_token():
call_count[0] += 1
token = MagicMock()
token.id = 1
token.access_token = 'fresh-access-token'
token.refresh_token = 'fresh-refresh-token'
if call_count[0] == 1:
# First call (fast path) - expired
token.access_token_expires_at = current_time - 100
else:
# Second call (slow path) - already refreshed
token.access_token_expires_at = (
current_time + ACCESS_TOKEN_EXPIRY_BUFFER + 1000
)
token.refresh_token_expires_at = current_time + 86400
return token
mock_result = MagicMock()
mock_result.scalars.return_value.one_or_none.side_effect = (
lambda: create_token()
)
mock_session.execute = AsyncMock(return_value=mock_result)
mock_session.commit = AsyncMock()
mock_session_maker = create_mock_session_maker(mock_session)
auth_store = AuthTokenStore(
keycloak_user_id='test-user-123',
idp=ProviderType.GITHUB,
a_session_maker=mock_session_maker,
)
refresh_called = [False]
async def mock_refresh(
idp: ProviderType, refresh_token: str, access_exp: int, refresh_exp: int
) -> Dict[str, str | int]:
refresh_called[0] = True
return {
'access_token': 'should-not-be-used',
'refresh_token': 'should-not-be-used',
'access_token_expires_at': current_time + 3600,
'refresh_token_expires_at': current_time + 86400,
}
result = await auth_store.load_tokens(check_expiration_and_refresh=mock_refresh)
# The refresh callback should not be called because double-check
# found the token was already refreshed
assert result is not None
assert result['access_token'] == 'fresh-access-token'
@pytest.mark.asyncio
async def test_slow_path_token_not_found_after_lock(self):
"""Test slow path returns None if token record disappears after lock."""
current_time = int(time.time())
mock_session = create_mock_session()
# First call (fast path) - token exists but expired
# Second call (slow path with lock) - token no longer exists
call_count = [0]
def get_token():
call_count[0] += 1
if call_count[0] == 1:
token = MagicMock()
token.access_token_expires_at = current_time - 100 # Expired
token.refresh_token_expires_at = current_time + 10000
return token
return None
mock_result = MagicMock()
mock_result.scalars.return_value.one_or_none.side_effect = get_token
mock_session.execute = AsyncMock(return_value=mock_result)
mock_session_maker = create_mock_session_maker(mock_session)
auth_store = AuthTokenStore(
keycloak_user_id='test-user-123',
idp=ProviderType.GITHUB,
a_session_maker=mock_session_maker,
)
async def mock_refresh(*args) -> Dict[str, str | int]:
return {
'access_token': 'new-token',
'refresh_token': 'new-refresh',
'access_token_expires_at': current_time + 3600,
'refresh_token_expires_at': current_time + 86400,
}
result = await auth_store.load_tokens(check_expiration_and_refresh=mock_refresh)
assert result is None
class TestLoadTokensLockTimeout:
"""Tests for lock timeout handling."""
@pytest.mark.asyncio
async def test_lock_timeout_raises_token_refresh_error(self):
"""Test that lock timeout raises TokenRefreshError."""
current_time = int(time.time())
mock_session = create_mock_session()
# First call (fast path) - returns expired token
expired_token = MagicMock()
expired_token.access_token_expires_at = current_time - 100
expired_token.refresh_token_expires_at = current_time + 10000
mock_result = MagicMock()
mock_result.scalars.return_value.one_or_none.return_value = expired_token
# First execute for fast path succeeds
# Second execute (for slow path) raises OperationalError
call_count = [0]
async def execute_side_effect(*args, **kwargs):
call_count[0] += 1
if call_count[0] <= 1:
return mock_result
# Simulate lock timeout
raise OperationalError(
'canceling statement due to lock timeout', None, None
)
mock_session.execute = execute_side_effect
mock_session_maker = create_mock_session_maker(mock_session)
auth_store = AuthTokenStore(
keycloak_user_id='test-user-123',
idp=ProviderType.GITHUB,
a_session_maker=mock_session_maker,
)
async def mock_refresh(*args) -> Dict[str, str | int]:
return {
'access_token': 'new-token',
'refresh_token': 'new-refresh',
'access_token_expires_at': current_time + 3600,
'refresh_token_expires_at': current_time + 86400,
}
with pytest.raises(TokenRefreshError) as exc_info:
await auth_store.load_tokens(check_expiration_and_refresh=mock_refresh)
assert 'lock timeout' in str(exc_info.value).lower()
@pytest.mark.asyncio
async def test_lock_timeout_preserves_original_exception(self):
"""Test that TokenRefreshError preserves the original OperationalError."""
current_time = int(time.time())
mock_session = create_mock_session()
expired_token = MagicMock()
expired_token.access_token_expires_at = current_time - 100
expired_token.refresh_token_expires_at = current_time + 10000
mock_result = MagicMock()
mock_result.scalars.return_value.one_or_none.return_value = expired_token
original_error = OperationalError(
'canceling statement due to lock timeout', None, None
)
call_count = [0]
async def execute_side_effect(*args, **kwargs):
call_count[0] += 1
if call_count[0] <= 1:
return mock_result
raise original_error
mock_session.execute = execute_side_effect
mock_session_maker = create_mock_session_maker(mock_session)
auth_store = AuthTokenStore(
keycloak_user_id='test-user-123',
idp=ProviderType.GITHUB,
a_session_maker=mock_session_maker,
)
async def mock_refresh(*args) -> Dict[str, str | int]:
return {
'access_token': 'new-token',
'refresh_token': 'new-refresh',
'access_token_expires_at': current_time + 3600,
'refresh_token_expires_at': current_time + 86400,
}
with pytest.raises(TokenRefreshError) as exc_info:
await auth_store.load_tokens(check_expiration_and_refresh=mock_refresh)
# Verify the original exception is chained
assert exc_info.value.__cause__ is original_error
class TestLoadTokensRefreshCallbackBehavior:
"""Tests for refresh callback return values."""
@pytest.mark.asyncio
async def test_refresh_callback_returns_none(self):
"""Test behavior when refresh callback returns None (no refresh performed).""" """Test behavior when refresh callback returns None (no refresh performed)."""
pass
@pytest.mark.asyncio
async def test_slow_path_double_check_avoids_refresh(self, async_session_maker):
"""Test double-check pattern avoids unnecessary refresh."""
current_time = int(time.time()) current_time = int(time.time())
mock_session = create_mock_session()
expired_token = MagicMock() with patch('storage.auth_token_store.a_session_maker', async_session_maker):
expired_token.id = 1 store = AuthTokenStore(
expired_token.access_token = 'old-access-token'
expired_token.refresh_token = 'old-refresh-token'
expired_token.access_token_expires_at = current_time - 100 # Expired
expired_token.refresh_token_expires_at = current_time + 10000
mock_result = MagicMock()
mock_result.scalars.return_value.one_or_none.return_value = expired_token
mock_session.execute = AsyncMock(return_value=mock_result)
mock_session.commit = AsyncMock()
mock_session_maker = create_mock_session_maker(mock_session)
auth_store = AuthTokenStore(
keycloak_user_id='test-user-123', keycloak_user_id='test-user-123',
idp=ProviderType.GITHUB, idp=ProviderType.GITHUB,
a_session_maker=mock_session_maker,
) )
async def mock_refresh_returns_none( # Store a token that will be valid when second check happens
idp: ProviderType, refresh_token: str, access_exp: int, refresh_exp: int await store.store_tokens(
) -> Dict[str, str | int] | None: access_token='original-access-token',
return None refresh_token='valid-refresh-token',
access_token_expires_at=current_time
result = await auth_store.load_tokens( + ACCESS_TOKEN_EXPIRY_BUFFER
check_expiration_and_refresh=mock_refresh_returns_none + 1000,
refresh_token_expires_at=current_time + 10000,
) )
# Should return the old tokens when refresh returns None # Load with refresh callback - should NOT refresh since token is valid
result = await store.load_tokens()
assert result is not None assert result is not None
assert result['access_token'] == 'old-access-token' assert result['access_token'] == 'original-access-token'
assert result['refresh_token'] == 'old-refresh-token'
class TestStoreTokens: class TestStoreTokens:
"""Tests for store_tokens method.""" """Tests for store_tokens method."""
@pytest.mark.asyncio @pytest.mark.asyncio
async def test_store_tokens_creates_new_record(self): async def test_store_tokens_creates_new_record(self, async_session_maker):
"""Test storing tokens when no existing record.""" """Test storing tokens when no existing record."""
mock_session = create_mock_session() with patch('storage.auth_token_store.a_session_maker', async_session_maker):
mock_result = MagicMock() store = AuthTokenStore(
mock_result.scalars.return_value.first.return_value = None
mock_session.execute = AsyncMock(return_value=mock_result)
mock_session.add = MagicMock()
mock_session.commit = AsyncMock()
mock_session_maker = create_mock_session_maker(mock_session)
auth_store = AuthTokenStore(
keycloak_user_id='test-user-123', keycloak_user_id='test-user-123',
idp=ProviderType.GITHUB, idp=ProviderType.GITHUB,
a_session_maker=mock_session_maker,
) )
await auth_store.store_tokens( await store.store_tokens(
access_token='new-access-token', access_token='new-access-token',
refresh_token='new-refresh-token', refresh_token='new-refresh-token',
access_token_expires_at=1234567890, access_token_expires_at=1234567890,
refresh_token_expires_at=1234657890, refresh_token_expires_at=1234657890,
) )
mock_session.add.assert_called_once() # Verify the token was stored
async with async_session_maker() as session:
result = await session.execute(
select(AuthTokens).where(
AuthTokens.keycloak_user_id == 'test-user-123',
AuthTokens.identity_provider == ProviderType.GITHUB.value,
)
)
token_record = result.scalars().first()
assert token_record is not None
assert token_record.access_token == 'new-access-token'
assert token_record.refresh_token == 'new-refresh-token'
@pytest.mark.asyncio @pytest.mark.asyncio
async def test_store_tokens_updates_existing_record(self): async def test_store_tokens_updates_existing_record(self, async_session_maker):
"""Test storing tokens updates existing record.""" """Test storing tokens updates existing record."""
mock_session = create_mock_session() with patch('storage.auth_token_store.a_session_maker', async_session_maker):
existing_token = MagicMock() store = AuthTokenStore(
existing_token.access_token = 'old-access'
mock_result = MagicMock()
mock_result.scalars.return_value.first.return_value = existing_token
mock_session.execute = AsyncMock(return_value=mock_result)
mock_session.commit = AsyncMock()
mock_session_maker = create_mock_session_maker(mock_session)
auth_store = AuthTokenStore(
keycloak_user_id='test-user-123', keycloak_user_id='test-user-123',
idp=ProviderType.GITHUB, idp=ProviderType.GITHUB,
a_session_maker=mock_session_maker,
) )
await auth_store.store_tokens( # First, create a token record
access_token='new-access-token', await store.store_tokens(
refresh_token='new-refresh-token', access_token='old-access-token',
refresh_token='old-refresh-token',
access_token_expires_at=1234567890, access_token_expires_at=1234567890,
refresh_token_expires_at=1234657890, refresh_token_expires_at=1234657890,
) )
assert existing_token.access_token == 'new-access-token' # Now update it
assert existing_token.refresh_token == 'new-refresh-token' await store.store_tokens(
access_token='new-access-token',
refresh_token='new-refresh-token',
access_token_expires_at=1234567891,
refresh_token_expires_at=1234657891,
)
# Verify the token was updated
async with async_session_maker() as session:
result = await session.execute(
select(AuthTokens).where(
AuthTokens.keycloak_user_id == 'test-user-123',
AuthTokens.identity_provider == ProviderType.GITHUB.value,
)
)
token_record = result.scalars().first()
assert token_record is not None
assert token_record.access_token == 'new-access-token'
assert token_record.refresh_token == 'new-refresh-token'
class TestIsAccessTokenValid: class TestIsAccessTokenValid:
@@ -559,54 +320,64 @@ class TestIsAccessTokenValid:
@pytest.mark.asyncio @pytest.mark.asyncio
async def test_is_access_token_valid_returns_false_when_no_tokens( async def test_is_access_token_valid_returns_false_when_no_tokens(
self, auth_token_store, mock_session_maker, mock_session self, async_session_maker
): ):
"""Test returns False when no tokens found.""" """Test returns False when no tokens found."""
mock_result = MagicMock() with patch('storage.auth_token_store.a_session_maker', async_session_maker):
mock_result.scalars.return_value.one_or_none.return_value = None store = AuthTokenStore(
mock_session.execute = AsyncMock(return_value=mock_result) keycloak_user_id='test-user-123',
idp=ProviderType.GITHUB,
)
result = await auth_token_store.is_access_token_valid() result = await store.is_access_token_valid()
assert result is False assert result is False
@pytest.mark.asyncio @pytest.mark.asyncio
async def test_is_access_token_valid_returns_true_for_valid_token( async def test_is_access_token_valid_returns_true_for_valid_token(
self, auth_token_store, mock_session_maker, mock_session self, async_session_maker
): ):
"""Test returns True when token is valid.""" """Test returns True when token is valid."""
current_time = int(time.time()) current_time = int(time.time())
mock_token = MagicMock()
mock_token.access_token = 'valid-access'
mock_token.refresh_token = 'valid-refresh'
mock_token.access_token_expires_at = current_time + 1000
mock_token.refresh_token_expires_at = current_time + 10000
mock_result = MagicMock() with patch('storage.auth_token_store.a_session_maker', async_session_maker):
mock_result.scalars.return_value.one_or_none.return_value = mock_token store = AuthTokenStore(
mock_session.execute = AsyncMock(return_value=mock_result) keycloak_user_id='test-user-123',
idp=ProviderType.GITHUB,
)
result = await auth_token_store.is_access_token_valid() await store.store_tokens(
access_token='valid-access',
refresh_token='valid-refresh',
access_token_expires_at=current_time + 1000,
refresh_token_expires_at=current_time + 10000,
)
result = await store.is_access_token_valid()
assert result is True assert result is True
@pytest.mark.asyncio @pytest.mark.asyncio
async def test_is_access_token_valid_returns_false_for_expired_token( async def test_is_access_token_valid_returns_false_for_expired_token(
self, auth_token_store, mock_session_maker, mock_session self, async_session_maker
): ):
"""Test returns False when token is expired.""" """Test returns False when token is expired."""
current_time = int(time.time()) current_time = int(time.time())
mock_token = MagicMock()
mock_token.access_token = 'expired-access'
mock_token.refresh_token = 'valid-refresh'
mock_token.access_token_expires_at = current_time - 100 # Expired
mock_token.refresh_token_expires_at = current_time + 10000
mock_result = MagicMock() with patch('storage.auth_token_store.a_session_maker', async_session_maker):
mock_result.scalars.return_value.one_or_none.return_value = mock_token store = AuthTokenStore(
mock_session.execute = AsyncMock(return_value=mock_result) keycloak_user_id='test-user-123',
idp=ProviderType.GITHUB,
)
result = await auth_token_store.is_access_token_valid() await store.store_tokens(
access_token='expired-access',
refresh_token='valid-refresh',
access_token_expires_at=current_time - 100, # Expired
refresh_token_expires_at=current_time + 10000,
)
result = await store.is_access_token_valid()
assert result is False assert result is False
@@ -615,24 +386,27 @@ class TestGetInstance:
"""Tests for get_instance class method.""" """Tests for get_instance class method."""
@pytest.mark.asyncio @pytest.mark.asyncio
async def test_get_instance_creates_auth_token_store(self): async def test_get_instance_creates_auth_token_store(self, async_session_maker):
"""Test get_instance creates an AuthTokenStore with correct params.""" """Test get_instance creates an AuthTokenStore with correct params."""
with patch('storage.auth_token_store.a_session_maker') as mock_a_session_maker: with patch('storage.auth_token_store.a_session_maker', async_session_maker):
store = await AuthTokenStore.get_instance( store = await AuthTokenStore.get_instance(
keycloak_user_id='user-123', idp=ProviderType.GITHUB keycloak_user_id='user-123', idp=ProviderType.GITHUB
) )
assert store.keycloak_user_id == 'user-123' assert store.keycloak_user_id == 'user-123'
assert store.idp == ProviderType.GITHUB assert store.idp == ProviderType.GITHUB
assert store.a_session_maker is mock_a_session_maker
class TestIdentityProviderValue: class TestIdentityProviderValue:
"""Tests for identity_provider_value property.""" """Tests for identity_provider_value property."""
def test_identity_provider_value_returns_idp_value(self, auth_token_store): def test_identity_provider_value_returns_idp_value(self):
"""Test that identity_provider_value returns the enum value.""" """Test that identity_provider_value returns the enum value."""
assert auth_token_store.identity_provider_value == ProviderType.GITHUB.value store = AuthTokenStore(
keycloak_user_id='test-user',
idp=ProviderType.GITHUB,
)
assert store.identity_provider_value == ProviderType.GITHUB.value
def test_identity_provider_value_for_different_providers(self): def test_identity_provider_value_for_different_providers(self):
"""Test identity_provider_value for different providers.""" """Test identity_provider_value for different providers."""
@@ -644,7 +418,6 @@ class TestIdentityProviderValue:
store = AuthTokenStore( store = AuthTokenStore(
keycloak_user_id='test-user', keycloak_user_id='test-user',
idp=provider, idp=provider,
a_session_maker=MagicMock(),
) )
assert store.identity_provider_value == provider.value assert store.identity_provider_value == provider.value

46
enterprise/tests/unit/storage/test_gitlab_webhook_store.py
View File

@@ -9,16 +9,35 @@ from storage.base import Base
from storage.gitlab_webhook import GitlabWebhook from storage.gitlab_webhook import GitlabWebhook
from storage.gitlab_webhook_store import GitlabWebhookStore from storage.gitlab_webhook_store import GitlabWebhookStore
# Use module-scoped engine to share database across fixtures
_test_engine = None
@pytest.fixture
async def async_engine(): @pytest.fixture(scope='function')
"""Create an async SQLite engine for testing.""" def event_loop():
"""Create an instance of the default event loop for each test case."""
import asyncio
loop = asyncio.get_event_loop_policy().new_event_loop()
yield loop
loop.close()
@pytest.fixture(scope='function')
async def async_engine(event_loop):
"""Create an async SQLite engine for testing.
This fixture creates an in-memory SQLite database and ensures
all tables are created before tests run.
"""
global _test_engine
engine = create_async_engine( engine = create_async_engine(
'sqlite+aiosqlite:///:memory:', 'sqlite+aiosqlite:///:memory:',
poolclass=StaticPool, poolclass=StaticPool,
connect_args={'check_same_thread': False}, connect_args={'check_same_thread': False},
echo=False, echo=False,
) )
_test_engine = engine
# Create all tables # Create all tables
async with engine.begin() as conn: async with engine.begin() as conn:
@@ -29,7 +48,7 @@ async def async_engine():
await engine.dispose() await engine.dispose()
@pytest.fixture @pytest.fixture(scope='function')
async def async_session_maker(async_engine): async def async_session_maker(async_engine):
"""Create an async session maker for testing.""" """Create an async session maker for testing."""
return async_sessionmaker(async_engine, class_=AsyncSession, expire_on_commit=False) return async_sessionmaker(async_engine, class_=AsyncSession, expire_on_commit=False)
@@ -37,8 +56,21 @@ async def async_session_maker(async_engine):
@pytest.fixture @pytest.fixture
async def webhook_store(async_session_maker): async def webhook_store(async_session_maker):
"""Create a GitlabWebhookStore instance for testing.""" """Create a GitlabWebhookStore instance for testing.
return GitlabWebhookStore(a_session_maker=async_session_maker)
This fixture injects the test's async_session_maker to ensure
the store uses the same in-memory database as the test fixtures.
"""
# Import here to avoid circular imports
store = GitlabWebhookStore()
# Inject the test session maker - this needs to replace the module-level import
import storage.gitlab_webhook_store as store_module
store_module.a_session_maker = async_session_maker
return store
@pytest.fixture @pytest.fixture
@@ -102,7 +134,7 @@ class TestGetWebhookByResourceOnly:
@pytest.mark.asyncio @pytest.mark.asyncio
async def test_get_project_webhook_by_resource_only( async def test_get_project_webhook_by_resource_only(
self, webhook_store, async_session_maker, sample_webhooks self, webhook_store, sample_webhooks
): ):
"""Test getting a project webhook by resource ID without user_id filter.""" """Test getting a project webhook by resource ID without user_id filter."""
# Arrange # Arrange

16
enterprise/tests/unit/storage/test_org_app_settings_store.py
View File

@@ -5,21 +5,15 @@ Tests the async database operations for organization app settings.
""" """
import uuid import uuid
from unittest.mock import patch
import pytest import pytest
from server.routes.org_models import OrgAppSettingsUpdate
from sqlalchemy.ext.asyncio import AsyncSession, async_sessionmaker, create_async_engine from sqlalchemy.ext.asyncio import AsyncSession, async_sessionmaker, create_async_engine
from sqlalchemy.pool import StaticPool from sqlalchemy.pool import StaticPool
from storage.base import Base
# Mock the database module before importing from storage.org import Org
with patch('storage.database.engine', create=True), patch( from storage.org_app_settings_store import OrgAppSettingsStore
'storage.database.a_engine', create=True from storage.user import User
):
from server.routes.org_models import OrgAppSettingsUpdate
from storage.base import Base
from storage.org import Org
from storage.org_app_settings_store import OrgAppSettingsStore
from storage.user import User
@pytest.fixture @pytest.fixture

15
enterprise/tests/unit/storage/test_org_llm_settings_store.py
View File

@@ -8,18 +8,13 @@ import uuid
from unittest.mock import AsyncMock, patch from unittest.mock import AsyncMock, patch
import pytest import pytest
from server.routes.org_models import OrgLLMSettingsUpdate
from sqlalchemy.ext.asyncio import AsyncSession, async_sessionmaker, create_async_engine from sqlalchemy.ext.asyncio import AsyncSession, async_sessionmaker, create_async_engine
from sqlalchemy.pool import StaticPool from sqlalchemy.pool import StaticPool
from storage.base import Base
# Mock the database module before importing from storage.org import Org
with patch('storage.database.engine', create=True), patch( from storage.org_llm_settings_store import OrgLLMSettingsStore
'storage.database.a_engine', create=True from storage.user import User
):
from server.routes.org_models import OrgLLMSettingsUpdate
from storage.base import Base
from storage.org import Org
from storage.org_llm_settings_store import OrgLLMSettingsStore
from storage.user import User
@pytest.fixture @pytest.fixture

16
enterprise/tests/unit/storage/test_user_app_settings_store.py
View File

@@ -5,21 +5,15 @@ Tests the async database operations for user app settings.
""" """
import uuid import uuid
from unittest.mock import patch
import pytest import pytest
from server.routes.user_app_settings_models import UserAppSettingsUpdate
from sqlalchemy.ext.asyncio import AsyncSession, async_sessionmaker, create_async_engine from sqlalchemy.ext.asyncio import AsyncSession, async_sessionmaker, create_async_engine
from sqlalchemy.pool import StaticPool from sqlalchemy.pool import StaticPool
from storage.base import Base
# Mock the database module before importing from storage.org import Org
with patch('storage.database.engine', create=True), patch( from storage.user import User
'storage.database.a_engine', create=True from storage.user_app_settings_store import UserAppSettingsStore
):
from server.routes.user_app_settings_models import UserAppSettingsUpdate
from storage.base import Base
from storage.org import Org
from storage.user import User
from storage.user_app_settings_store import UserAppSettingsStore
@pytest.fixture @pytest.fixture

660
enterprise/tests/unit/test_api_key_store.py
View File

@@ -1,40 +1,49 @@
import uuid
from datetime import UTC, datetime, timedelta from datetime import UTC, datetime, timedelta
from unittest.mock import MagicMock, patch from unittest.mock import AsyncMock, MagicMock, patch
import pytest import pytest
from sqlalchemy import select
from storage.api_key import ApiKey
from storage.api_key_store import ApiKeyStore from storage.api_key_store import ApiKeyStore
@pytest.fixture
def mock_session():
session = MagicMock()
return session
@pytest.fixture
def mock_session_maker(mock_session):
session_maker = MagicMock()
session_maker.return_value.__enter__.return_value = mock_session
session_maker.return_value.__exit__.return_value = None
return session_maker
@pytest.fixture @pytest.fixture
def mock_user(): def mock_user():
"""Mock user with org_id.""" """Mock user with org_id."""
user = MagicMock() user = MagicMock()
user.current_org_id = 'test-org-123' user.current_org_id = uuid.uuid4()
return user return user
@pytest.fixture @pytest.fixture
def api_key_store(mock_session_maker): def api_key_store():
return ApiKeyStore(mock_session_maker) return ApiKeyStore()
def run_sync(func, *args, **kwargs): @pytest.fixture
"""Helper to execute sync functions directly (mocks call_sync_from_async).""" def mock_litellm_api():
return func(*args, **kwargs) api_key_patch = patch('storage.lite_llm_manager.LITE_LLM_API_KEY', 'test_key')
api_url_patch = patch(
'storage.lite_llm_manager.LITE_LLM_API_URL', 'http://test.url'
)
team_id_patch = patch('storage.lite_llm_manager.LITE_LLM_TEAM_ID', 'test_team')
client_patch = patch('httpx.AsyncClient')
with api_key_patch, api_url_patch, team_id_patch, client_patch as mock_client:
mock_response = AsyncMock()
mock_response.is_success = True
mock_response.json = MagicMock(return_value={'key': 'test_api_key'})
mock_client.return_value.__aenter__.return_value.post.return_value = (
mock_response
)
mock_client.return_value.__aenter__.return_value.get.return_value = (
mock_response
)
mock_client.return_value.__aenter__.return_value.patch.return_value = (
mock_response
)
yield mock_client
def test_generate_api_key(api_key_store): def test_generate_api_key(api_key_store):
@@ -47,294 +56,451 @@ def test_generate_api_key(api_key_store):
@pytest.mark.asyncio @pytest.mark.asyncio
@patch('storage.api_key_store.call_sync_from_async', side_effect=run_sync)
@patch('storage.api_key_store.UserStore.get_user_by_id_async') @patch('storage.api_key_store.UserStore.get_user_by_id_async')
async def test_create_api_key( async def test_create_api_key(
mock_get_user, mock_call_sync, api_key_store, mock_session, mock_user mock_get_user, api_key_store, async_session_maker, mock_user
): ):
"""Test creating an API key.""" """Test creating an API key."""
# Setup # Setup
user_id = 'test-user-123' user_id = str(uuid.uuid4())
name = 'Test Key' name = 'Test Key'
mock_get_user.return_value = mock_user mock_get_user.return_value = mock_user
api_key_store.generate_api_key = MagicMock(return_value='test-api-key')
# Patch a_session_maker in the api_key_store module to use the test's async session maker
with patch('storage.api_key_store.a_session_maker', async_session_maker):
# Execute # Execute
result = await api_key_store.create_api_key(user_id, name) result = await api_key_store.create_api_key(user_id, name)
# Verify # Verify
assert result == 'test-api-key' assert result.startswith('sk-oh-')
mock_get_user.assert_called_once_with(user_id) mock_get_user.assert_called_once_with(user_id)
mock_session.add.assert_called_once()
mock_session.commit.assert_called_once()
api_key_store.generate_api_key.assert_called_once()
# Verify the ApiKey was created with the correct org_id # Verify the ApiKey was created in the database using async session
added_api_key = mock_session.add.call_args[0][0] async with async_session_maker() as session:
assert added_api_key.org_id == mock_user.current_org_id result_db = await session.execute(
select(ApiKey).filter(ApiKey.user_id == user_id)
def test_validate_api_key_valid(api_key_store, mock_session):
"""Test validating a valid API key."""
# Setup
api_key = 'test-api-key'
user_id = 'test-user-123'
mock_key_record = MagicMock()
mock_key_record.user_id = user_id
mock_key_record.expires_at = None
mock_key_record.id = 1
mock_session.query.return_value.filter.return_value.first.return_value = (
mock_key_record
) )
api_key = result_db.scalars().first()
# Execute assert api_key is not None
result = api_key_store.validate_api_key(api_key) assert api_key.name == name
assert api_key.org_id == mock_user.current_org_id
# Verify
assert result == user_id
mock_session.execute.assert_called_once() @pytest.mark.asyncio
mock_session.commit.assert_called_once() async def test_validate_api_key_valid(api_key_store, async_session_maker):
"""Test validating a valid API key."""
# Setup - create an API key in the database
def test_validate_api_key_expired(api_key_store, mock_session): user_id = str(uuid.uuid4())
"""Test validating an expired API key.""" org_id = uuid.uuid4()
# Setup api_key_value = 'test-api-key'
api_key = 'test-api-key'
mock_key_record = MagicMock() async with async_session_maker() as session:
mock_key_record.expires_at = datetime.now(UTC) - timedelta(days=1) key_record = ApiKey(
mock_key_record.id = 1 key=api_key_value,
mock_session.query.return_value.filter.return_value.first.return_value = ( user_id=user_id,
mock_key_record org_id=org_id,
) name='Test Key',
expires_at=None,
# Execute )
result = api_key_store.validate_api_key(api_key) session.add(key_record)
await session.commit()
# Verify
assert result is None # Execute - patch a_session_maker to use test's async session maker
mock_session.execute.assert_not_called() with patch('storage.api_key_store.a_session_maker', async_session_maker):
mock_session.commit.assert_not_called() result = await api_key_store.validate_api_key(api_key_value)
# Verify
def test_validate_api_key_expired_timezone_naive(api_key_store, mock_session): assert result == user_id
"""Test validating an expired API key with timezone-naive datetime from database."""
# Setup
api_key = 'test-api-key' @pytest.mark.asyncio
mock_key_record = MagicMock() async def test_validate_api_key_expired(
# Simulate timezone-naive datetime as returned from database api_key_store, session_maker, async_session_maker
mock_key_record.expires_at = datetime.now() - timedelta(days=1) # No UTC timezone ):
mock_key_record.id = 1 """Test validating an expired API key."""
mock_session.query.return_value.filter.return_value.first.return_value = ( # Setup - create an expired API key in the database
mock_key_record user_id = str(uuid.uuid4())
) org_id = uuid.uuid4()
api_key_value = 'test-expired-key'
# Execute
result = api_key_store.validate_api_key(api_key) async with async_session_maker() as session:
key_record = ApiKey(
# Verify key=api_key_value,
assert result is None user_id=user_id,
mock_session.execute.assert_not_called() org_id=org_id,
mock_session.commit.assert_not_called() name='Test Key',
expires_at=datetime.now(UTC) - timedelta(days=1),
)
def test_validate_api_key_valid_timezone_naive(api_key_store, mock_session): session.add(key_record)
"""Test validating a valid API key with timezone-naive datetime from database.""" await session.commit()
# Setup
api_key = 'test-api-key' # Execute - patch a_session_maker to use test's async session maker
user_id = 'test-user-123' with patch('storage.api_key_store.a_session_maker', async_session_maker):
mock_key_record = MagicMock() result = await api_key_store.validate_api_key(api_key_value)
mock_key_record.user_id = user_id
# Simulate timezone-naive datetime as returned from database (future date) # Verify
mock_key_record.expires_at = datetime.now() + timedelta(days=1) # No UTC timezone assert result is None
mock_key_record.id = 1
mock_session.query.return_value.filter.return_value.first.return_value = (
mock_key_record @pytest.mark.asyncio
) async def test_validate_api_key_expired_timezone_naive(
api_key_store, session_maker, async_session_maker
# Execute ):
result = api_key_store.validate_api_key(api_key) """Test validating an expired API key with timezone-naive datetime from database."""
# Setup - create an expired API key with timezone-naive datetime
# Verify user_id = str(uuid.uuid4())
assert result == user_id org_id = uuid.uuid4()
mock_session.execute.assert_called_once() api_key_value = 'test-expired-naive-key'
mock_session.commit.assert_called_once()
async with async_session_maker() as session:
key_record = ApiKey(
def test_validate_api_key_not_found(api_key_store, mock_session): key=api_key_value,
"""Test validating a non-existent API key.""" user_id=user_id,
# Setup org_id=org_id,
api_key = 'test-api-key' name='Test Key',
query_result = mock_session.query.return_value.filter.return_value # Timezone-naive datetime (database stores this)
query_result.first.return_value = None expires_at=datetime.now() - timedelta(days=1),
)
# Execute session.add(key_record)
result = api_key_store.validate_api_key(api_key) await session.commit()
# Verify # Execute - patch a_session_maker to use test's async session maker
assert result is None with patch('storage.api_key_store.a_session_maker', async_session_maker):
mock_session.execute.assert_not_called() result = await api_key_store.validate_api_key(api_key_value)
mock_session.commit.assert_not_called()
# Verify
assert result is None
def test_delete_api_key(api_key_store, mock_session):
"""Test deleting an API key."""
# Setup @pytest.mark.asyncio
api_key = 'test-api-key' async def test_validate_api_key_valid_timezone_naive(
mock_key_record = MagicMock() api_key_store, session_maker, async_session_maker
mock_session.query.return_value.filter.return_value.first.return_value = ( ):
mock_key_record """Test validating a valid API key with timezone-naive datetime from database."""
) # Setup - create a valid API key with timezone-naive datetime (future date)
user_id = str(uuid.uuid4())
# Execute org_id = uuid.uuid4()
result = api_key_store.delete_api_key(api_key) api_key_value = 'test-valid-naive-key'
# Verify async with async_session_maker() as session:
assert result is True key_record = ApiKey(
mock_session.delete.assert_called_once_with(mock_key_record) key=api_key_value,
mock_session.commit.assert_called_once() user_id=user_id,
org_id=org_id,
name='Test Key',
def test_delete_api_key_not_found(api_key_store, mock_session): # Timezone-naive datetime in the future
"""Test deleting a non-existent API key.""" expires_at=datetime.now() + timedelta(days=1),
# Setup )
api_key = 'test-api-key' session.add(key_record)
query_result = mock_session.query.return_value.filter.return_value await session.commit()
query_result.first.return_value = None
# Execute - patch a_session_maker to use test's async session maker
# Execute with patch('storage.api_key_store.a_session_maker', async_session_maker):
result = api_key_store.delete_api_key(api_key) result = await api_key_store.validate_api_key(api_key_value)
# Verify # Verify
assert result is False assert result == user_id
mock_session.delete.assert_not_called()
mock_session.commit.assert_not_called()
@pytest.mark.asyncio
async def test_validate_api_key_not_found(api_key_store, async_session_maker):
def test_delete_api_key_by_id(api_key_store, mock_session): """Test validating a non-existent API key."""
"""Test deleting an API key by ID.""" # Execute
# Setup with patch('storage.api_key_store.a_session_maker', async_session_maker):
key_id = 123 result = await api_key_store.validate_api_key('non-existent-key')
mock_key_record = MagicMock()
mock_session.query.return_value.filter.return_value.first.return_value = ( # Verify
mock_key_record assert result is None
)
# Execute @pytest.mark.asyncio
result = api_key_store.delete_api_key_by_id(key_id) async def test_delete_api_key(api_key_store, async_session_maker):
"""Test deleting an API key."""
# Verify # Setup - create an API key in the database
assert result is True user_id = str(uuid.uuid4())
mock_session.delete.assert_called_once_with(mock_key_record) org_id = uuid.uuid4()
mock_session.commit.assert_called_once() api_key_value = 'test-delete-key'
async with async_session_maker() as session:
key_record = ApiKey(
key=api_key_value,
user_id=user_id,
org_id=org_id,
name='Test Key',
)
session.add(key_record)
await session.commit()
# Execute - patch a_session_maker to use test's async session maker
with patch('storage.api_key_store.a_session_maker', async_session_maker):
result = await api_key_store.delete_api_key(api_key_value)
# Verify
assert result is True
# Verify it was deleted from the database
async with async_session_maker() as session:
result_db = await session.execute(
select(ApiKey).filter(ApiKey.key == api_key_value)
)
api_key = result_db.scalars().first()
assert api_key is None
@pytest.mark.asyncio
async def test_delete_api_key_not_found(api_key_store, async_session_maker):
"""Test deleting a non-existent API key."""
# Execute
with patch('storage.api_key_store.a_session_maker', async_session_maker):
result = await api_key_store.delete_api_key('non-existent-key')
# Verify
assert result is False
@pytest.mark.asyncio
async def test_delete_api_key_by_id(api_key_store, async_session_maker):
"""Test deleting an API key by ID."""
# Setup - create an API key in the database
user_id = str(uuid.uuid4())
org_id = uuid.uuid4()
async with async_session_maker() as session:
key_record = ApiKey(
key='test-delete-by-id-key',
user_id=user_id,
org_id=org_id,
name='Test Key',
)
session.add(key_record)
await session.commit()
key_id = key_record.id
# Execute - patch a_session_maker to use test's async session maker
with patch('storage.api_key_store.a_session_maker', async_session_maker):
result = await api_key_store.delete_api_key_by_id(key_id)
# Verify
assert result is True
# Verify it was deleted from the database
async with async_session_maker() as session:
result_db = await session.execute(select(ApiKey).filter(ApiKey.id == key_id))
api_key = result_db.scalars().first()
assert api_key is None
@pytest.mark.asyncio @pytest.mark.asyncio
@patch('storage.api_key_store.call_sync_from_async', side_effect=run_sync)
@patch('storage.api_key_store.UserStore.get_user_by_id_async') @patch('storage.api_key_store.UserStore.get_user_by_id_async')
async def test_list_api_keys( async def test_list_api_keys(
mock_get_user, mock_call_sync, api_key_store, mock_session, mock_user mock_get_user, api_key_store, session_maker, async_session_maker, mock_user
): ):
"""Test listing API keys for a user.""" """Test listing API keys for a user."""
# Setup # Setup
user_id = 'test-user-123' user_id = str(uuid.uuid4())
mock_get_user.return_value = mock_user mock_get_user.return_value = mock_user
now = datetime.now(UTC) now = datetime.now(UTC)
mock_key1 = MagicMock()
mock_key1.id = 1
mock_key1.name = 'Key 1'
mock_key1.created_at = now
mock_key1.last_used_at = now
mock_key1.expires_at = now + timedelta(days=30)
mock_key2 = MagicMock() # Create API keys in the database
mock_key2.id = 2 async with async_session_maker() as session:
mock_key2.name = 'Key 2' key1 = ApiKey(
mock_key2.created_at = now key='test-key-1',
mock_key2.last_used_at = None user_id=user_id,
mock_key2.expires_at = None org_id=mock_user.current_org_id,
name='Key 1',
created_at=now,
last_used_at=now,
expires_at=now + timedelta(days=30),
)
key2 = ApiKey(
key='test-key-2',
user_id=user_id,
org_id=mock_user.current_org_id,
name='Key 2',
created_at=now,
last_used_at=None,
expires_at=None,
)
# Add an MCP key that should be filtered out
mcp_key = ApiKey(
key='test-mcp-key',
user_id=user_id,
org_id=mock_user.current_org_id,
name='MCP_API_KEY',
created_at=now,
)
session.add_all([key1, key2, mcp_key])
await session.commit()
# Mock the chained query calls for filtering by user_id and org_id # Execute - patch a_session_maker to use test's async session maker
mock_query = mock_session.query.return_value with patch('storage.api_key_store.a_session_maker', async_session_maker):
mock_filter_user = mock_query.filter.return_value
mock_filter_org = mock_filter_user.filter.return_value
mock_filter_org.all.return_value = [mock_key1, mock_key2]
# Execute
result = await api_key_store.list_api_keys(user_id) result = await api_key_store.list_api_keys(user_id)
# Verify # Verify
mock_get_user.assert_called_once_with(user_id) mock_get_user.assert_called_once_with(user_id)
assert len(result) == 2 assert len(result) == 2
assert result[0].id == 1
assert result[0].name == 'Key 1' assert result[0].name == 'Key 1'
assert result[0].created_at == now
assert result[0].last_used_at == now
assert result[0].expires_at == now + timedelta(days=30)
assert result[1].id == 2
assert result[1].name == 'Key 2' assert result[1].name == 'Key 2'
assert result[1].created_at == now
assert result[1].last_used_at is None
assert result[1].expires_at is None
@pytest.mark.asyncio @pytest.mark.asyncio
@patch('storage.api_key_store.call_sync_from_async', side_effect=run_sync)
@patch('storage.api_key_store.UserStore.get_user_by_id_async') @patch('storage.api_key_store.UserStore.get_user_by_id_async')
async def test_retrieve_mcp_api_key( async def test_retrieve_mcp_api_key(
mock_get_user, mock_call_sync, api_key_store, mock_session, mock_user mock_get_user, api_key_store, session_maker, async_session_maker, mock_user
): ):
"""Test retrieving MCP API key for a user.""" """Test retrieving MCP API key for a user."""
# Setup # Setup
user_id = 'test-user-123' user_id = str(uuid.uuid4())
mock_get_user.return_value = mock_user mock_get_user.return_value = mock_user
now = datetime.now(UTC)
mock_mcp_key = MagicMock() # Create API keys in the database
mock_mcp_key.name = 'MCP_API_KEY' async with async_session_maker() as session:
mock_mcp_key.key = 'mcp-test-key' other_key = ApiKey(
key='test-other-key',
user_id=user_id,
org_id=mock_user.current_org_id,
name='Other Key',
created_at=now,
)
mcp_key = ApiKey(
key='test-mcp-key',
user_id=user_id,
org_id=mock_user.current_org_id,
name='MCP_API_KEY',
created_at=now,
)
session.add_all([other_key, mcp_key])
await session.commit()
mock_other_key = MagicMock() # Execute - patch a_session_maker to use test's async session maker
mock_other_key.name = 'Other Key' with patch('storage.api_key_store.a_session_maker', async_session_maker):
mock_other_key.key = 'other-test-key'
# Mock the chained query calls for filtering by user_id and org_id
mock_query = mock_session.query.return_value
mock_filter_user = mock_query.filter.return_value
mock_filter_org = mock_filter_user.filter.return_value
mock_filter_org.all.return_value = [mock_other_key, mock_mcp_key]
# Execute
result = await api_key_store.retrieve_mcp_api_key(user_id) result = await api_key_store.retrieve_mcp_api_key(user_id)
# Verify # Verify
mock_get_user.assert_called_once_with(user_id) mock_get_user.assert_called_once_with(user_id)
assert result == 'mcp-test-key' assert result == 'test-mcp-key'
@pytest.mark.asyncio @pytest.mark.asyncio
@patch('storage.api_key_store.call_sync_from_async', side_effect=run_sync)
@patch('storage.api_key_store.UserStore.get_user_by_id_async') @patch('storage.api_key_store.UserStore.get_user_by_id_async')
async def test_retrieve_mcp_api_key_not_found( async def test_retrieve_mcp_api_key_not_found(
mock_get_user, mock_call_sync, api_key_store, mock_session, mock_user mock_get_user, api_key_store, session_maker, async_session_maker, mock_user
): ):
"""Test retrieving MCP API key when none exists.""" """Test retrieving MCP API key when none exists."""
# Setup # Setup
user_id = 'test-user-123' user_id = str(uuid.uuid4())
mock_get_user.return_value = mock_user mock_get_user.return_value = mock_user
now = datetime.now(UTC)
mock_other_key = MagicMock() # Create only non-MCP keys in the database
mock_other_key.name = 'Other Key' async with async_session_maker() as session:
mock_other_key.key = 'other-test-key' other_key = ApiKey(
key='test-other-key',
user_id=user_id,
org_id=mock_user.current_org_id,
name='Other Key',
created_at=now,
)
session.add(other_key)
await session.commit()
# Mock the chained query calls for filtering by user_id and org_id # Execute - patch a_session_maker to use test's async session maker
mock_query = mock_session.query.return_value with patch('storage.api_key_store.a_session_maker', async_session_maker):
mock_filter_user = mock_query.filter.return_value
mock_filter_org = mock_filter_user.filter.return_value
mock_filter_org.all.return_value = [mock_other_key]
# Execute
result = await api_key_store.retrieve_mcp_api_key(user_id) result = await api_key_store.retrieve_mcp_api_key(user_id)
# Verify # Verify
mock_get_user.assert_called_once_with(user_id) mock_get_user.assert_called_once_with(user_id)
assert result is None assert result is None
@pytest.mark.asyncio
async def test_retrieve_api_key_by_name(
api_key_store, session_maker, async_session_maker
):
"""Test retrieving an API key by name."""
# Setup
user_id = str(uuid.uuid4())
org_id = uuid.uuid4()
key_name = 'Test Key'
key_value = 'test-key-by-name'
async with async_session_maker() as session:
key_record = ApiKey(
key=key_value,
user_id=user_id,
org_id=org_id,
name=key_name,
)
session.add(key_record)
await session.commit()
# Execute - patch a_session_maker to use test's async session maker
with patch('storage.api_key_store.a_session_maker', async_session_maker):
result = await api_key_store.retrieve_api_key_by_name(user_id, key_name)
# Verify
assert result == key_value
@pytest.mark.asyncio
async def test_retrieve_api_key_by_name_not_found(api_key_store, async_session_maker):
"""Test retrieving an API key by name that doesn't exist."""
# Execute
with patch('storage.api_key_store.a_session_maker', async_session_maker):
result = await api_key_store.retrieve_api_key_by_name(
'non-existent-user', 'Non Existent Key'
)
# Verify
assert result is None
@pytest.mark.asyncio
async def test_delete_api_key_by_name(
api_key_store, session_maker, async_session_maker
):
"""Test deleting an API key by name."""
# Setup
user_id = str(uuid.uuid4())
org_id = uuid.uuid4()
key_name = 'Test Key to Delete'
key_value = 'test-delete-by-name'
async with async_session_maker() as session:
key_record = ApiKey(
key=key_value,
user_id=user_id,
org_id=org_id,
name=key_name,
)
session.add(key_record)
await session.commit()
# Execute - patch a_session_maker to use test's async session maker
with patch('storage.api_key_store.a_session_maker', async_session_maker):
result = await api_key_store.delete_api_key_by_name(user_id, key_name)
# Verify
assert result is True
# Verify it was deleted from the database
async with async_session_maker() as session:
result_db = await session.execute(
select(ApiKey).filter(ApiKey.key == key_value)
)
api_key = result_db.scalars().first()
assert api_key is None
@pytest.mark.asyncio
async def test_delete_api_key_by_name_not_found(api_key_store, async_session_maker):
"""Test deleting an API key by name that doesn't exist."""
# Execute
with patch('storage.api_key_store.a_session_maker', async_session_maker):
result = await api_key_store.delete_api_key_by_name(
'non-existent-user', 'Non Existent Key'
)
# Verify
assert result is False

26
enterprise/tests/unit/test_auth_routes.py
View File

@@ -595,7 +595,7 @@ async def test_keycloak_callback_blocked_email_domain(mock_request):
mock_user_store.backfill_user_email = AsyncMock() mock_user_store.backfill_user_email = AsyncMock()
mock_domain_blocker.is_active.return_value = True mock_domain_blocker.is_active.return_value = True
mock_domain_blocker.is_domain_blocked.return_value = True mock_domain_blocker.is_domain_blocked = AsyncMock(return_value=True)
# Act # Act
result = await keycloak_callback( result = await keycloak_callback(
@@ -660,7 +660,7 @@ async def test_keycloak_callback_allowed_email_domain(mock_request):
mock_user_store.backfill_user_email = AsyncMock() mock_user_store.backfill_user_email = AsyncMock()
mock_domain_blocker.is_active.return_value = True mock_domain_blocker.is_active.return_value = True
mock_domain_blocker.is_domain_blocked.return_value = False mock_domain_blocker.is_domain_blocked = AsyncMock(return_value=False)
mock_verifier.is_active.return_value = True mock_verifier.is_active.return_value = True
mock_verifier.is_user_allowed.return_value = True mock_verifier.is_user_allowed.return_value = True
@@ -725,7 +725,7 @@ async def test_keycloak_callback_domain_blocking_inactive(mock_request):
mock_user_store.backfill_user_email = AsyncMock() mock_user_store.backfill_user_email = AsyncMock()
mock_domain_blocker.is_active.return_value = False mock_domain_blocker.is_active.return_value = False
mock_domain_blocker.is_domain_blocked.return_value = False mock_domain_blocker.is_domain_blocked = AsyncMock(return_value=False)
mock_verifier.is_active.return_value = True mock_verifier.is_active.return_value = True
mock_verifier.is_user_allowed.return_value = True mock_verifier.is_user_allowed.return_value = True
@@ -1221,7 +1221,7 @@ class TestKeycloakCallbackRecaptcha:
mock_verifier.is_active.return_value = True mock_verifier.is_active.return_value = True
mock_verifier.is_user_allowed.return_value = True mock_verifier.is_user_allowed.return_value = True
mock_domain_blocker.is_domain_blocked.return_value = False mock_domain_blocker.is_domain_blocked = AsyncMock(return_value=False)
# Patch the module-level recaptcha_service instance # Patch the module-level recaptcha_service instance
mock_recaptcha_service.create_assessment.return_value = ( mock_recaptcha_service.create_assessment.return_value = (
@@ -1284,7 +1284,7 @@ class TestKeycloakCallbackRecaptcha:
mock_user_store.backfill_contact_name = AsyncMock() mock_user_store.backfill_contact_name = AsyncMock()
mock_user_store.backfill_user_email = AsyncMock() mock_user_store.backfill_user_email = AsyncMock()
mock_domain_blocker.is_domain_blocked.return_value = False mock_domain_blocker.is_domain_blocked = AsyncMock(return_value=False)
# Patch the module-level recaptcha_service instance # Patch the module-level recaptcha_service instance
mock_recaptcha_service.create_assessment.return_value = ( mock_recaptcha_service.create_assessment.return_value = (
@@ -1371,7 +1371,7 @@ class TestKeycloakCallbackRecaptcha:
mock_verifier.is_active.return_value = True mock_verifier.is_active.return_value = True
mock_verifier.is_user_allowed.return_value = True mock_verifier.is_user_allowed.return_value = True
mock_domain_blocker.is_domain_blocked.return_value = False mock_domain_blocker.is_domain_blocked = AsyncMock(return_value=False)
# Patch the module-level recaptcha_service instance # Patch the module-level recaptcha_service instance
mock_recaptcha_service.create_assessment.return_value = ( mock_recaptcha_service.create_assessment.return_value = (
@@ -1460,7 +1460,7 @@ class TestKeycloakCallbackRecaptcha:
mock_verifier.is_active.return_value = True mock_verifier.is_active.return_value = True
mock_verifier.is_user_allowed.return_value = True mock_verifier.is_user_allowed.return_value = True
mock_domain_blocker.is_domain_blocked.return_value = False mock_domain_blocker.is_domain_blocked = AsyncMock(return_value=False)
# Patch the module-level recaptcha_service instance # Patch the module-level recaptcha_service instance
mock_recaptcha_service.create_assessment.return_value = ( mock_recaptcha_service.create_assessment.return_value = (
@@ -1546,7 +1546,7 @@ class TestKeycloakCallbackRecaptcha:
mock_verifier.is_active.return_value = True mock_verifier.is_active.return_value = True
mock_verifier.is_user_allowed.return_value = True mock_verifier.is_user_allowed.return_value = True
mock_domain_blocker.is_domain_blocked.return_value = False mock_domain_blocker.is_domain_blocked = AsyncMock(return_value=False)
# Patch the module-level recaptcha_service instance # Patch the module-level recaptcha_service instance
mock_recaptcha_service.create_assessment.return_value = ( mock_recaptcha_service.create_assessment.return_value = (
@@ -1631,7 +1631,7 @@ class TestKeycloakCallbackRecaptcha:
mock_verifier.is_active.return_value = True mock_verifier.is_active.return_value = True
mock_verifier.is_user_allowed.return_value = True mock_verifier.is_user_allowed.return_value = True
mock_domain_blocker.is_domain_blocked.return_value = False mock_domain_blocker.is_domain_blocked = AsyncMock(return_value=False)
# Patch the module-level recaptcha_service instance # Patch the module-level recaptcha_service instance
mock_recaptcha_service.create_assessment.return_value = ( mock_recaptcha_service.create_assessment.return_value = (
@@ -1713,7 +1713,7 @@ class TestKeycloakCallbackRecaptcha:
mock_verifier.is_active.return_value = True mock_verifier.is_active.return_value = True
mock_verifier.is_user_allowed.return_value = True mock_verifier.is_user_allowed.return_value = True
mock_domain_blocker.is_domain_blocked.return_value = False mock_domain_blocker.is_domain_blocked = AsyncMock(return_value=False)
# Act # Act
await keycloak_callback( await keycloak_callback(
@@ -1781,7 +1781,7 @@ class TestKeycloakCallbackRecaptcha:
mock_verifier.is_active.return_value = True mock_verifier.is_active.return_value = True
mock_verifier.is_user_allowed.return_value = True mock_verifier.is_user_allowed.return_value = True
mock_domain_blocker.is_domain_blocked.return_value = False mock_domain_blocker.is_domain_blocked = AsyncMock(return_value=False)
# Act # Act
await keycloak_callback(code='test_code', state=state, request=mock_request) await keycloak_callback(code='test_code', state=state, request=mock_request)
@@ -1855,7 +1855,7 @@ class TestKeycloakCallbackRecaptcha:
mock_verifier.is_active.return_value = True mock_verifier.is_active.return_value = True
mock_verifier.is_user_allowed.return_value = True mock_verifier.is_user_allowed.return_value = True
mock_domain_blocker.is_domain_blocked.return_value = False mock_domain_blocker.is_domain_blocked = AsyncMock(return_value=False)
mock_recaptcha_service.create_assessment.side_effect = Exception( mock_recaptcha_service.create_assessment.side_effect = Exception(
'Service error' 'Service error'
@@ -1924,7 +1924,7 @@ class TestKeycloakCallbackRecaptcha:
mock_user_store.backfill_contact_name = AsyncMock() mock_user_store.backfill_contact_name = AsyncMock()
mock_user_store.backfill_user_email = AsyncMock() mock_user_store.backfill_user_email = AsyncMock()
mock_domain_blocker.is_domain_blocked.return_value = False mock_domain_blocker.is_domain_blocked = AsyncMock(return_value=False)
# Patch the module-level recaptcha_service instance # Patch the module-level recaptcha_service instance
mock_recaptcha_service.create_assessment.return_value = ( mock_recaptcha_service.create_assessment.return_value = (

148
enterprise/tests/unit/test_domain_blocker.py
View File

@@ -1,6 +1,6 @@
"""Unit tests for DomainBlocker class.""" """Unit tests for DomainBlocker class."""
from unittest.mock import MagicMock from unittest.mock import AsyncMock, MagicMock
import pytest import pytest
from server.auth.domain_blocker import DomainBlocker from server.auth.domain_blocker import DomainBlocker
@@ -9,7 +9,9 @@ from server.auth.domain_blocker import DomainBlocker
@pytest.fixture @pytest.fixture
def mock_store(): def mock_store():
"""Create a mock BlockedEmailDomainStore for testing.""" """Create a mock BlockedEmailDomainStore for testing."""
return MagicMock() store = MagicMock()
store.is_domain_blocked = AsyncMock()
return store
@pytest.fixture @pytest.fixture
@@ -57,109 +59,120 @@ def test_extract_domain_invalid_emails(domain_blocker, email, expected):
assert result == expected assert result == expected
def test_is_domain_blocked_with_none_email(domain_blocker, mock_store): @pytest.mark.asyncio
async def test_is_domain_blocked_with_none_email(domain_blocker, mock_store):
"""Test that is_domain_blocked returns False when email is None.""" """Test that is_domain_blocked returns False when email is None."""
# Arrange # Arrange
mock_store.is_domain_blocked.return_value = True mock_store.is_domain_blocked.return_value = True
# Act # Act
result = domain_blocker.is_domain_blocked(None) result = await domain_blocker.is_domain_blocked(None)
# Assert # Assert
assert result is False assert result is False
mock_store.is_domain_blocked.assert_not_called() mock_store.is_domain_blocked.assert_not_called()
def test_is_domain_blocked_with_empty_email(domain_blocker, mock_store): @pytest.mark.asyncio
async def test_is_domain_blocked_with_empty_email(domain_blocker, mock_store):
"""Test that is_domain_blocked returns False when email is empty.""" """Test that is_domain_blocked returns False when email is empty."""
# Arrange # Arrange
mock_store.is_domain_blocked.return_value = True mock_store.is_domain_blocked.return_value = True
# Act # Act
result = domain_blocker.is_domain_blocked('') result = await domain_blocker.is_domain_blocked('')
# Assert # Assert
assert result is False assert result is False
mock_store.is_domain_blocked.assert_not_called() mock_store.is_domain_blocked.assert_not_called()
def test_is_domain_blocked_with_invalid_email(domain_blocker, mock_store): @pytest.mark.asyncio
async def test_is_domain_blocked_with_invalid_email(domain_blocker, mock_store):
"""Test that is_domain_blocked returns False when email format is invalid.""" """Test that is_domain_blocked returns False when email format is invalid."""
# Arrange # Arrange
mock_store.is_domain_blocked.return_value = True mock_store.is_domain_blocked.return_value = True
# Act # Act
result = domain_blocker.is_domain_blocked('invalid-email') result = await domain_blocker.is_domain_blocked('invalid-email')
# Assert # Assert
assert result is False assert result is False
mock_store.is_domain_blocked.assert_not_called() mock_store.is_domain_blocked.assert_not_called()
def test_is_domain_blocked_domain_not_blocked(domain_blocker, mock_store): @pytest.mark.asyncio
async def test_is_domain_blocked_domain_not_blocked(domain_blocker, mock_store):
"""Test that is_domain_blocked returns False when domain is not blocked.""" """Test that is_domain_blocked returns False when domain is not blocked."""
# Arrange # Arrange
mock_store.is_domain_blocked.return_value = False mock_store.is_domain_blocked.return_value = False
# Act # Act
result = domain_blocker.is_domain_blocked('user@example.com') result = await domain_blocker.is_domain_blocked('user@example.com')
# Assert # Assert
assert result is False assert result is False
mock_store.is_domain_blocked.assert_called_once_with('example.com') mock_store.is_domain_blocked.assert_called_once_with('example.com')
def test_is_domain_blocked_domain_blocked(domain_blocker, mock_store): @pytest.mark.asyncio
async def test_is_domain_blocked_domain_blocked(domain_blocker, mock_store):
"""Test that is_domain_blocked returns True when domain is blocked.""" """Test that is_domain_blocked returns True when domain is blocked."""
# Arrange # Arrange
mock_store.is_domain_blocked.return_value = True mock_store.is_domain_blocked.return_value = True
# Act # Act
result = domain_blocker.is_domain_blocked('user@colsch.us') result = await domain_blocker.is_domain_blocked('user@colsch.us')
# Assert # Assert
assert result is True assert result is True
mock_store.is_domain_blocked.assert_called_once_with('colsch.us') mock_store.is_domain_blocked.assert_called_once_with('colsch.us')
def test_is_domain_blocked_case_insensitive(domain_blocker, mock_store): @pytest.mark.asyncio
async def test_is_domain_blocked_case_insensitive(domain_blocker, mock_store):
"""Test that is_domain_blocked performs case-insensitive domain extraction.""" """Test that is_domain_blocked performs case-insensitive domain extraction."""
# Arrange # Arrange
mock_store.is_domain_blocked.return_value = True mock_store.is_domain_blocked.return_value = True
# Act # Act
result = domain_blocker.is_domain_blocked('user@COLSCH.US') result = await domain_blocker.is_domain_blocked('user@COLSCH.US')
# Assert # Assert
assert result is True assert result is True
mock_store.is_domain_blocked.assert_called_once_with('colsch.us') mock_store.is_domain_blocked.assert_called_once_with('colsch.us')
def test_is_domain_blocked_with_whitespace(domain_blocker, mock_store): @pytest.mark.asyncio
async def test_is_domain_blocked_with_whitespace(domain_blocker, mock_store):
"""Test that is_domain_blocked handles emails with whitespace correctly.""" """Test that is_domain_blocked handles emails with whitespace correctly."""
# Arrange # Arrange
mock_store.is_domain_blocked.return_value = True mock_store.is_domain_blocked.return_value = True
# Act # Act
result = domain_blocker.is_domain_blocked(' user@colsch.us ') result = await domain_blocker.is_domain_blocked(' user@colsch.us ')
# Assert # Assert
assert result is True assert result is True
mock_store.is_domain_blocked.assert_called_once_with('colsch.us') mock_store.is_domain_blocked.assert_called_once_with('colsch.us')
def test_is_domain_blocked_multiple_blocked_domains(domain_blocker, mock_store): @pytest.mark.asyncio
async def test_is_domain_blocked_multiple_blocked_domains(domain_blocker, mock_store):
"""Test that is_domain_blocked correctly checks multiple domains.""" """Test that is_domain_blocked correctly checks multiple domains."""
# Arrange # Arrange
mock_store.is_domain_blocked.side_effect = lambda domain: domain in [ mock_store.is_domain_blocked = AsyncMock(
side_effect=lambda domain: domain
in [
'other-domain.com', 'other-domain.com',
'blocked.org', 'blocked.org',
] ]
)
# Act # Act
result1 = domain_blocker.is_domain_blocked('user@other-domain.com') result1 = await domain_blocker.is_domain_blocked('user@other-domain.com')
result2 = domain_blocker.is_domain_blocked('user@blocked.org') result2 = await domain_blocker.is_domain_blocked('user@blocked.org')
result3 = domain_blocker.is_domain_blocked('user@allowed.com') result3 = await domain_blocker.is_domain_blocked('user@allowed.com')
# Assert # Assert
assert result1 is True assert result1 is True
@@ -168,7 +181,8 @@ def test_is_domain_blocked_multiple_blocked_domains(domain_blocker, mock_store):
assert mock_store.is_domain_blocked.call_count == 3 assert mock_store.is_domain_blocked.call_count == 3
def test_is_domain_blocked_tld_pattern_blocks_matching_domain( @pytest.mark.asyncio
async def test_is_domain_blocked_tld_pattern_blocks_matching_domain(
domain_blocker, mock_store domain_blocker, mock_store
): ):
"""Test that TLD pattern blocks domains ending with that TLD.""" """Test that TLD pattern blocks domains ending with that TLD."""
@@ -176,14 +190,15 @@ def test_is_domain_blocked_tld_pattern_blocks_matching_domain(
mock_store.is_domain_blocked.return_value = True mock_store.is_domain_blocked.return_value = True
# Act # Act
result = domain_blocker.is_domain_blocked('user@company.us') result = await domain_blocker.is_domain_blocked('user@company.us')
# Assert # Assert
assert result is True assert result is True
mock_store.is_domain_blocked.assert_called_once_with('company.us') mock_store.is_domain_blocked.assert_called_once_with('company.us')
def test_is_domain_blocked_tld_pattern_blocks_subdomain_with_tld( @pytest.mark.asyncio
async def test_is_domain_blocked_tld_pattern_blocks_subdomain_with_tld(
domain_blocker, mock_store domain_blocker, mock_store
): ):
"""Test that TLD pattern blocks subdomains with that TLD.""" """Test that TLD pattern blocks subdomains with that TLD."""
@@ -191,14 +206,15 @@ def test_is_domain_blocked_tld_pattern_blocks_subdomain_with_tld(
mock_store.is_domain_blocked.return_value = True mock_store.is_domain_blocked.return_value = True
# Act # Act
result = domain_blocker.is_domain_blocked('user@subdomain.company.us') result = await domain_blocker.is_domain_blocked('user@subdomain.company.us')
# Assert # Assert
assert result is True assert result is True
mock_store.is_domain_blocked.assert_called_once_with('subdomain.company.us') mock_store.is_domain_blocked.assert_called_once_with('subdomain.company.us')
def test_is_domain_blocked_tld_pattern_does_not_block_different_tld( @pytest.mark.asyncio
async def test_is_domain_blocked_tld_pattern_does_not_block_different_tld(
domain_blocker, mock_store domain_blocker, mock_store
): ):
"""Test that TLD pattern does not block domains with different TLD.""" """Test that TLD pattern does not block domains with different TLD."""
@@ -206,35 +222,41 @@ def test_is_domain_blocked_tld_pattern_does_not_block_different_tld(
mock_store.is_domain_blocked.return_value = False mock_store.is_domain_blocked.return_value = False
# Act # Act
result = domain_blocker.is_domain_blocked('user@company.com') result = await domain_blocker.is_domain_blocked('user@company.com')
# Assert # Assert
assert result is False assert result is False
mock_store.is_domain_blocked.assert_called_once_with('company.com') mock_store.is_domain_blocked.assert_called_once_with('company.com')
def test_is_domain_blocked_tld_pattern_case_insensitive(domain_blocker, mock_store): @pytest.mark.asyncio
async def test_is_domain_blocked_tld_pattern_case_insensitive(
domain_blocker, mock_store
):
"""Test that TLD pattern matching is case-insensitive.""" """Test that TLD pattern matching is case-insensitive."""
# Arrange # Arrange
mock_store.is_domain_blocked.return_value = True mock_store.is_domain_blocked.return_value = True
# Act # Act
result = domain_blocker.is_domain_blocked('user@COMPANY.US') result = await domain_blocker.is_domain_blocked('user@COMPANY.US')
# Assert # Assert
assert result is True assert result is True
mock_store.is_domain_blocked.assert_called_once_with('company.us') mock_store.is_domain_blocked.assert_called_once_with('company.us')
def test_is_domain_blocked_tld_pattern_with_multi_level_tld(domain_blocker, mock_store): @pytest.mark.asyncio
async def test_is_domain_blocked_tld_pattern_with_multi_level_tld(
domain_blocker, mock_store
):
"""Test that TLD pattern works with multi-level TLDs like .co.uk.""" """Test that TLD pattern works with multi-level TLDs like .co.uk."""
# Arrange # Arrange
mock_store.is_domain_blocked.side_effect = lambda domain: domain.endswith('.co.uk') mock_store.is_domain_blocked.side_effect = lambda domain: domain.endswith('.co.uk')
# Act # Act
result_match = domain_blocker.is_domain_blocked('user@example.co.uk') result_match = await domain_blocker.is_domain_blocked('user@example.co.uk')
result_subdomain = domain_blocker.is_domain_blocked('user@api.example.co.uk') result_subdomain = await domain_blocker.is_domain_blocked('user@api.example.co.uk')
result_no_match = domain_blocker.is_domain_blocked('user@example.uk') result_no_match = await domain_blocker.is_domain_blocked('user@example.uk')
# Assert # Assert
assert result_match is True assert result_match is True
@@ -242,7 +264,8 @@ def test_is_domain_blocked_tld_pattern_with_multi_level_tld(domain_blocker, mock
assert result_no_match is False assert result_no_match is False
def test_is_domain_blocked_domain_pattern_blocks_exact_match( @pytest.mark.asyncio
async def test_is_domain_blocked_domain_pattern_blocks_exact_match(
domain_blocker, mock_store domain_blocker, mock_store
): ):
"""Test that domain pattern blocks exact domain match.""" """Test that domain pattern blocks exact domain match."""
@@ -250,27 +273,31 @@ def test_is_domain_blocked_domain_pattern_blocks_exact_match(
mock_store.is_domain_blocked.return_value = True mock_store.is_domain_blocked.return_value = True
# Act # Act
result = domain_blocker.is_domain_blocked('user@example.com') result = await domain_blocker.is_domain_blocked('user@example.com')
# Assert # Assert
assert result is True assert result is True
mock_store.is_domain_blocked.assert_called_once_with('example.com') mock_store.is_domain_blocked.assert_called_once_with('example.com')
def test_is_domain_blocked_domain_pattern_blocks_subdomain(domain_blocker, mock_store): @pytest.mark.asyncio
async def test_is_domain_blocked_domain_pattern_blocks_subdomain(
domain_blocker, mock_store
):
"""Test that domain pattern blocks subdomains of that domain.""" """Test that domain pattern blocks subdomains of that domain."""
# Arrange # Arrange
mock_store.is_domain_blocked.return_value = True mock_store.is_domain_blocked.return_value = True
# Act # Act
result = domain_blocker.is_domain_blocked('user@subdomain.example.com') result = await domain_blocker.is_domain_blocked('user@subdomain.example.com')
# Assert # Assert
assert result is True assert result is True
mock_store.is_domain_blocked.assert_called_once_with('subdomain.example.com') mock_store.is_domain_blocked.assert_called_once_with('subdomain.example.com')
def test_is_domain_blocked_domain_pattern_blocks_multi_level_subdomain( @pytest.mark.asyncio
async def test_is_domain_blocked_domain_pattern_blocks_multi_level_subdomain(
domain_blocker, mock_store domain_blocker, mock_store
): ):
"""Test that domain pattern blocks multi-level subdomains.""" """Test that domain pattern blocks multi-level subdomains."""
@@ -278,14 +305,15 @@ def test_is_domain_blocked_domain_pattern_blocks_multi_level_subdomain(
mock_store.is_domain_blocked.return_value = True mock_store.is_domain_blocked.return_value = True
# Act # Act
result = domain_blocker.is_domain_blocked('user@api.v2.example.com') result = await domain_blocker.is_domain_blocked('user@api.v2.example.com')
# Assert # Assert
assert result is True assert result is True
mock_store.is_domain_blocked.assert_called_once_with('api.v2.example.com') mock_store.is_domain_blocked.assert_called_once_with('api.v2.example.com')
def test_is_domain_blocked_domain_pattern_does_not_block_similar_domain( @pytest.mark.asyncio
async def test_is_domain_blocked_domain_pattern_does_not_block_similar_domain(
domain_blocker, mock_store domain_blocker, mock_store
): ):
"""Test that domain pattern does not block domains that contain but don't match the pattern.""" """Test that domain pattern does not block domains that contain but don't match the pattern."""
@@ -293,14 +321,15 @@ def test_is_domain_blocked_domain_pattern_does_not_block_similar_domain(
mock_store.is_domain_blocked.return_value = False mock_store.is_domain_blocked.return_value = False
# Act # Act
result = domain_blocker.is_domain_blocked('user@notexample.com') result = await domain_blocker.is_domain_blocked('user@notexample.com')
# Assert # Assert
assert result is False assert result is False
mock_store.is_domain_blocked.assert_called_once_with('notexample.com') mock_store.is_domain_blocked.assert_called_once_with('notexample.com')
def test_is_domain_blocked_domain_pattern_does_not_block_different_tld( @pytest.mark.asyncio
async def test_is_domain_blocked_domain_pattern_does_not_block_different_tld(
domain_blocker, mock_store domain_blocker, mock_store
): ):
"""Test that domain pattern does not block same domain with different TLD.""" """Test that domain pattern does not block same domain with different TLD."""
@@ -308,14 +337,15 @@ def test_is_domain_blocked_domain_pattern_does_not_block_different_tld(
mock_store.is_domain_blocked.return_value = False mock_store.is_domain_blocked.return_value = False
# Act # Act
result = domain_blocker.is_domain_blocked('user@example.org') result = await domain_blocker.is_domain_blocked('user@example.org')
# Assert # Assert
assert result is False assert result is False
mock_store.is_domain_blocked.assert_called_once_with('example.org') mock_store.is_domain_blocked.assert_called_once_with('example.org')
def test_is_domain_blocked_subdomain_pattern_blocks_exact_and_nested( @pytest.mark.asyncio
async def test_is_domain_blocked_subdomain_pattern_blocks_exact_and_nested(
domain_blocker, mock_store domain_blocker, mock_store
): ):
"""Test that blocking a subdomain also blocks its nested subdomains.""" """Test that blocking a subdomain also blocks its nested subdomains."""
@@ -325,9 +355,9 @@ def test_is_domain_blocked_subdomain_pattern_blocks_exact_and_nested(
) )
# Act # Act
result_exact = domain_blocker.is_domain_blocked('user@api.example.com') result_exact = await domain_blocker.is_domain_blocked('user@api.example.com')
result_nested = domain_blocker.is_domain_blocked('user@v1.api.example.com') result_nested = await domain_blocker.is_domain_blocked('user@v1.api.example.com')
result_parent = domain_blocker.is_domain_blocked('user@example.com') result_parent = await domain_blocker.is_domain_blocked('user@example.com')
# Assert # Assert
assert result_exact is True assert result_exact is True
@@ -335,14 +365,15 @@ def test_is_domain_blocked_subdomain_pattern_blocks_exact_and_nested(
assert result_parent is False assert result_parent is False
def test_is_domain_blocked_domain_with_hyphens(domain_blocker, mock_store): @pytest.mark.asyncio
async def test_is_domain_blocked_domain_with_hyphens(domain_blocker, mock_store):
"""Test that domain patterns work with hyphenated domains.""" """Test that domain patterns work with hyphenated domains."""
# Arrange # Arrange
mock_store.is_domain_blocked.return_value = True mock_store.is_domain_blocked.return_value = True
# Act # Act
result_exact = domain_blocker.is_domain_blocked('user@my-company.com') result_exact = await domain_blocker.is_domain_blocked('user@my-company.com')
result_subdomain = domain_blocker.is_domain_blocked('user@api.my-company.com') result_subdomain = await domain_blocker.is_domain_blocked('user@api.my-company.com')
# Assert # Assert
assert result_exact is True assert result_exact is True
@@ -350,14 +381,15 @@ def test_is_domain_blocked_domain_with_hyphens(domain_blocker, mock_store):
assert mock_store.is_domain_blocked.call_count == 2 assert mock_store.is_domain_blocked.call_count == 2
def test_is_domain_blocked_domain_with_numbers(domain_blocker, mock_store): @pytest.mark.asyncio
async def test_is_domain_blocked_domain_with_numbers(domain_blocker, mock_store):
"""Test that domain patterns work with numeric domains.""" """Test that domain patterns work with numeric domains."""
# Arrange # Arrange
mock_store.is_domain_blocked.return_value = True mock_store.is_domain_blocked.return_value = True
# Act # Act
result_exact = domain_blocker.is_domain_blocked('user@test123.com') result_exact = await domain_blocker.is_domain_blocked('user@test123.com')
result_subdomain = domain_blocker.is_domain_blocked('user@api.test123.com') result_subdomain = await domain_blocker.is_domain_blocked('user@api.test123.com')
# Assert # Assert
assert result_exact is True assert result_exact is True
@@ -365,13 +397,14 @@ def test_is_domain_blocked_domain_with_numbers(domain_blocker, mock_store):
assert mock_store.is_domain_blocked.call_count == 2 assert mock_store.is_domain_blocked.call_count == 2
def test_is_domain_blocked_very_long_subdomain_chain(domain_blocker, mock_store): @pytest.mark.asyncio
async def test_is_domain_blocked_very_long_subdomain_chain(domain_blocker, mock_store):
"""Test that blocking works with very long subdomain chains.""" """Test that blocking works with very long subdomain chains."""
# Arrange # Arrange
mock_store.is_domain_blocked.return_value = True mock_store.is_domain_blocked.return_value = True
# Act # Act
result = domain_blocker.is_domain_blocked( result = await domain_blocker.is_domain_blocked(
'user@level4.level3.level2.level1.example.com' 'user@level4.level3.level2.level1.example.com'
) )
@@ -382,13 +415,14 @@ def test_is_domain_blocked_very_long_subdomain_chain(domain_blocker, mock_store)
) )
def test_is_domain_blocked_handles_store_exception(domain_blocker, mock_store): @pytest.mark.asyncio
async def test_is_domain_blocked_handles_store_exception(domain_blocker, mock_store):
"""Test that is_domain_blocked returns False when store raises an exception.""" """Test that is_domain_blocked returns False when store raises an exception."""
# Arrange # Arrange
mock_store.is_domain_blocked.side_effect = Exception('Database connection error') mock_store.is_domain_blocked.side_effect = Exception('Database connection error')
# Act # Act
result = domain_blocker.is_domain_blocked('user@example.com') result = await domain_blocker.is_domain_blocked('user@example.com')
# Assert # Assert
assert result is False assert result is False

109
enterprise/tests/unit/test_offline_token_store.py
View File

@@ -1,56 +1,54 @@
from unittest.mock import MagicMock, patch
import pytest import pytest
from server.auth.token_manager import TokenManager from sqlalchemy import select
from storage.offline_token_store import OfflineTokenStore from storage.offline_token_store import OfflineTokenStore
from storage.stored_offline_token import StoredOfflineToken from storage.stored_offline_token import StoredOfflineToken
from openhands.core.config.openhands_config import OpenHandsConfig
@pytest.fixture @pytest.fixture
def mock_config(): def mock_config():
return MagicMock(spec=OpenHandsConfig) return None # Not used in tests
@pytest.fixture
def token_store(session_maker, mock_config):
return OfflineTokenStore('test_user_id', session_maker, mock_config)
@pytest.fixture
def token_manager():
with patch('server.config.get_config') as mock_get_config:
mock_config = mock_get_config.return_value
mock_config.jwt_secret.get_secret_value.return_value = 'test_secret'
return TokenManager(external=False)
@pytest.mark.asyncio @pytest.mark.asyncio
async def test_store_token_new_record(token_store, session_maker): async def test_store_token_new_record(async_session_maker, mock_config):
# Setup # Setup - inject the test session maker into the store module
import storage.offline_token_store as store_module
store_module.a_session_maker = async_session_maker
token_store = OfflineTokenStore('test_user_id', mock_config)
test_token = 'test_offline_token' test_token = 'test_offline_token'
# Execute # Execute
await token_store.store_token(test_token) await token_store.store_token(test_token)
# Verify # Verify - use a new session to query
with session_maker() as session: async with async_session_maker() as session:
query = session.query(StoredOfflineToken) result = await session.execute(
assert query.count() == 1 select(StoredOfflineToken).where(
added_record = query.first() StoredOfflineToken.user_id == 'test_user_id'
assert added_record.user_id == 'test_user_id' )
assert added_record.offline_token == test_token )
record = result.scalar_one_or_none()
assert record is not None
assert record.user_id == 'test_user_id'
assert record.offline_token == test_token
@pytest.mark.asyncio @pytest.mark.asyncio
async def test_store_token_existing_record(token_store, session_maker): async def test_store_token_existing_record(async_session_maker, mock_config):
# Setup # Setup - inject the test session maker into the store module
with session_maker() as session: import storage.offline_token_store as store_module
store_module.a_session_maker = async_session_maker
token_store = OfflineTokenStore('test_user_id', mock_config)
async with async_session_maker() as session:
session.add( session.add(
StoredOfflineToken(user_id='test_user_id', offline_token='old_token') StoredOfflineToken(user_id='test_user_id', offline_token='old_token')
) )
session.commit() await session.commit()
test_token = 'new_offline_token' test_token = 'new_offline_token'
@@ -58,24 +56,35 @@ async def test_store_token_existing_record(token_store, session_maker):
await token_store.store_token(test_token) await token_store.store_token(test_token)
# Verify # Verify
with session_maker() as session: async with async_session_maker() as session:
query = session.query(StoredOfflineToken) from sqlalchemy import select
assert query.count() == 1
added_record = query.first() result = await session.execute(
assert added_record.user_id == 'test_user_id' select(StoredOfflineToken).where(
assert added_record.offline_token == test_token StoredOfflineToken.user_id == 'test_user_id'
)
)
record = result.scalar_one_or_none()
assert record is not None
assert record.offline_token == test_token
@pytest.mark.asyncio @pytest.mark.asyncio
async def test_load_token_existing(token_store, session_maker): async def test_load_token_existing(async_session_maker, mock_config):
# Setup # Setup - inject the test session maker into the store module
with session_maker() as session: import storage.offline_token_store as store_module
store_module.a_session_maker = async_session_maker
token_store = OfflineTokenStore('test_user_id', mock_config)
async with async_session_maker() as session:
session.add( session.add(
StoredOfflineToken( StoredOfflineToken(
user_id='test_user_id', offline_token='test_offline_token' user_id='test_user_id', offline_token='test_offline_token'
) )
) )
session.commit() await session.commit()
# Execute # Execute
result = await token_store.load_token() result = await token_store.load_token()
@@ -85,7 +94,14 @@ async def test_load_token_existing(token_store, session_maker):
@pytest.mark.asyncio @pytest.mark.asyncio
async def test_load_token_not_found(token_store): async def test_load_token_not_found(async_session_maker, mock_config):
# Setup - inject the test session maker into the store module
import storage.offline_token_store as store_module
store_module.a_session_maker = async_session_maker
token_store = OfflineTokenStore('nonexistent_user', mock_config)
# Execute # Execute
result = await token_store.load_token() result = await token_store.load_token()
@@ -104,10 +120,3 @@ async def test_get_instance(mock_config):
# Verify # Verify
assert isinstance(result, OfflineTokenStore) assert isinstance(result, OfflineTokenStore)
assert result.user_id == test_user_id assert result.user_id == test_user_id
assert result.config == mock_config
def test_load_store_org_token(token_manager, session_maker):
with patch('server.auth.token_manager.session_maker', session_maker):
token_manager.store_org_token('some-org-id', 'some-token')
assert token_manager.load_org_token('some-org-id') == 'some-token'

17
enterprise/tests/unit/test_org_member_store.py
View File

@@ -4,17 +4,12 @@ from unittest.mock import patch
import pytest import pytest
from sqlalchemy.ext.asyncio import AsyncSession, async_sessionmaker, create_async_engine from sqlalchemy.ext.asyncio import AsyncSession, async_sessionmaker, create_async_engine
from sqlalchemy.pool import StaticPool from sqlalchemy.pool import StaticPool
from storage.base import Base
# Mock the database module before importing OrgMemberStore from storage.org import Org
with patch('storage.database.engine', create=True), patch( from storage.org_member import OrgMember
'storage.database.a_engine', create=True from storage.org_member_store import OrgMemberStore
): from storage.role import Role
from storage.base import Base from storage.user import User
from storage.org import Org
from storage.org_member import OrgMember
from storage.org_member_store import OrgMemberStore
from storage.role import Role
from storage.user import User
@pytest.fixture @pytest.fixture

19
enterprise/tests/unit/test_org_service.py
View File

@@ -9,23 +9,18 @@ import uuid
from unittest.mock import AsyncMock, MagicMock, patch from unittest.mock import AsyncMock, MagicMock, patch
import pytest import pytest
from server.routes.org_models import (
# Mock the database module before importing OrgService
with patch('storage.database.engine', create=True), patch(
'storage.database.a_engine', create=True
):
from server.routes.org_models import (
LiteLLMIntegrationError, LiteLLMIntegrationError,
OrgAuthorizationError, OrgAuthorizationError,
OrgDatabaseError, OrgDatabaseError,
OrgNameExistsError, OrgNameExistsError,
OrgNotFoundError, OrgNotFoundError,
) )
from storage.org import Org from storage.org import Org
from storage.org_member import OrgMember from storage.org_member import OrgMember
from storage.org_service import OrgService from storage.org_service import OrgService
from storage.role import Role from storage.role import Role
from storage.user import User from storage.user import User
@pytest.fixture @pytest.fixture

17
enterprise/tests/unit/test_org_store.py
View File

@@ -5,17 +5,12 @@ from unittest.mock import AsyncMock, MagicMock, patch
import pytest import pytest
from pydantic import SecretStr from pydantic import SecretStr
from sqlalchemy.exc import IntegrityError from sqlalchemy.exc import IntegrityError
from storage.org import Org
# Mock the database module before importing OrgStore from storage.org_invitation import OrgInvitation
with patch('storage.database.engine', create=True), patch( from storage.org_member import OrgMember
'storage.database.a_engine', create=True from storage.org_store import OrgStore
): from storage.role import Role
from storage.org import Org from storage.user import User
from storage.org_invitation import OrgInvitation
from storage.org_member import OrgMember
from storage.org_store import OrgStore
from storage.role import Role
from storage.user import User
from openhands.storage.data_models.settings import Settings from openhands.storage.data_models.settings import Settings

9
enterprise/tests/unit/test_proactive_conversation_starters.py
View File

@@ -1,13 +1,8 @@
from unittest.mock import MagicMock, patch from unittest.mock import MagicMock, patch
import pytest import pytest
from integrations.github.github_view import get_user_proactive_conversation_setting
# Mock the database module before importing from storage.org import Org
with patch('storage.database.engine', create=True), patch(
'storage.database.a_engine', create=True
):
from integrations.github.github_view import get_user_proactive_conversation_setting
from storage.org import Org
pytestmark = pytest.mark.asyncio pytestmark = pytest.mark.asyncio

147
enterprise/tests/unit/test_repository_store.py Normal file
View File

@@ -0,0 +1,147 @@
from unittest.mock import patch
import pytest
from sqlalchemy import select
from storage.repository_store import RepositoryStore
from storage.stored_repository import StoredRepository
@pytest.fixture
def repository_store():
return RepositoryStore(config=None)
@pytest.mark.asyncio
async def test_store_projects_empty_list(repository_store, async_session_maker):
"""Test storing empty list of repositories."""
with patch(
'storage.repository_store.RepositoryStore.store_projects'
) as mock_method:
# Should handle empty list gracefully
mock_method.return_value = None
# Test that we handle empty repositories
result = await repository_store.store_projects([])
# The method should return early for empty list
assert result is None
@pytest.mark.asyncio
async def test_store_projects_new_repositories(repository_store, async_session_maker):
"""Test storing new repositories in the database."""
# Setup - create repositories
repo1 = StoredRepository(
repo_name='owner/repo1',
repo_id='github##123',
is_public=False,
)
repo2 = StoredRepository(
repo_name='owner/repo2',
repo_id='github##456',
is_public=True,
)
# Execute - patch a_session_maker to use test's async session maker
with patch('storage.repository_store.a_session_maker', async_session_maker):
await repository_store.store_projects([repo1, repo2])
# Verify the repositories were stored
async with async_session_maker() as session:
result = await session.execute(
select(StoredRepository).filter(
StoredRepository.repo_id.in_(['github##123', 'github##456'])
)
)
repos = result.scalars().all()
assert len(repos) == 2
repo_ids = {r.repo_id for r in repos}
assert 'github##123' in repo_ids
assert 'github##456' in repo_ids
@pytest.mark.asyncio
async def test_store_projects_update_existing(repository_store, async_session_maker):
"""Test updating existing repositories in the database."""
# Setup - create existing repository
existing_repo = StoredRepository(
repo_name='owner/repo1',
repo_id='github##123',
is_public=True,
)
async with async_session_maker() as session:
session.add(existing_repo)
await session.commit()
# Execute - update the repository with new values
updated_repo = StoredRepository(
repo_name='owner/repo1-updated',
repo_id='github##123',
is_public=False, # Changed from True
)
with patch('storage.repository_store.a_session_maker', async_session_maker):
await repository_store.store_projects([updated_repo])
# Verify the repository was updated
async with async_session_maker() as session:
result = await session.execute(
select(StoredRepository).filter(StoredRepository.repo_id == 'github##123')
)
repo = result.scalars().first()
assert repo is not None
assert repo.repo_name == 'owner/repo1-updated'
assert repo.is_public is False
@pytest.mark.asyncio
async def test_store_projects_mixed_new_and_existing(
repository_store, async_session_maker
):
"""Test storing a mix of new and existing repositories."""
# Setup - create one existing repository
existing_repo = StoredRepository(
repo_name='owner/existing-repo',
repo_id='github##123',
is_public=True,
)
async with async_session_maker() as session:
session.add(existing_repo)
await session.commit()
# Execute - store a mix of new and existing
repos_to_store = [
StoredRepository(
repo_name='owner/existing-repo',
repo_id='github##123',
is_public=False, # Will update
),
StoredRepository(
repo_name='owner/new-repo',
repo_id='github##456',
is_public=True,
),
]
with patch('storage.repository_store.a_session_maker', async_session_maker):
await repository_store.store_projects(repos_to_store)
# Verify results
async with async_session_maker() as session:
result = await session.execute(
select(StoredRepository).filter(
StoredRepository.repo_id.in_(['github##123', 'github##456'])
)
)
repos = result.scalars().all()
assert len(repos) == 2
# Check the updated existing repo
existing = next(r for r in repos if r.repo_id == 'github##123')
assert existing.repo_name == 'owner/existing-repo'
assert existing.is_public is False
# Check the new repo
new = next(r for r in repos if r.repo_id == 'github##456')
assert new.repo_name == 'owner/new-repo'
assert new.is_public is True

22
enterprise/tests/unit/test_saas_secrets_store.py
View File

@@ -29,8 +29,16 @@ def mock_user():
@pytest.fixture @pytest.fixture
def secrets_store(session_maker, mock_config): def secrets_store(async_session_maker, mock_config):
return SaasSecretsStore('user-id', session_maker, mock_config) # Inject the test session maker into the store module
import storage.saas_secrets_store as store_module
store_module.a_session_maker = async_session_maker
store = SaasSecretsStore('user-id', mock_config)
# Also add it as an attribute for tests that need direct access
store.a_session_maker = async_session_maker
return store
class TestSaasSecretsStore: class TestSaasSecretsStore:
@@ -107,13 +115,15 @@ class TestSaasSecretsStore:
await secrets_store.store(user_secrets) await secrets_store.store(user_secrets)
# Verify the data is encrypted in the database # Verify the data is encrypted in the database
with secrets_store.session_maker() as session: from sqlalchemy import select
stored = (
session.query(StoredCustomSecrets) async with secrets_store.a_session_maker() as session:
result = await session.execute(
select(StoredCustomSecrets)
.filter(StoredCustomSecrets.keycloak_user_id == 'user-id') .filter(StoredCustomSecrets.keycloak_user_id == 'user-id')
.filter(StoredCustomSecrets.org_id == mock_user.current_org_id) .filter(StoredCustomSecrets.org_id == mock_user.current_org_id)
.first()
) )
stored = result.scalars().first()
# The sensitive data should be encrypted # The sensitive data should be encrypted
assert stored.secret_value != 'sensitive_token' assert stored.secret_value != 'sensitive_token'

74
enterprise/tests/unit/test_saas_settings_store.py
View File

@@ -8,7 +8,7 @@ from openhands.server.settings import Settings
from openhands.storage.data_models.settings import Settings as DataSettings from openhands.storage.data_models.settings import Settings as DataSettings
# Mock the database module before importing # Mock the database module before importing
with patch('storage.database.engine'), patch('storage.database.a_engine'): with patch('storage.database.a_session_maker'):
from server.constants import ( from server.constants import (
LITE_LLM_API_URL, LITE_LLM_API_URL,
) )
@@ -26,19 +26,21 @@ def mock_config():
@pytest.fixture @pytest.fixture
def settings_store(session_maker, mock_config): def settings_store(async_session_maker, mock_config):
store = SaasSettingsStore( store = SaasSettingsStore('5594c7b6-f959-4b81-92e9-b09c206f5081', mock_config)
'5594c7b6-f959-4b81-92e9-b09c206f5081', session_maker, mock_config store.a_session_maker = async_session_maker
)
# Patch the load method to read from UserSettings table directly (for testing) # Patch the load method to read from UserSettings table directly (for testing)
async def patched_load(): async def patched_load():
with store.session_maker() as session: async with store.a_session_maker() as session:
user_settings = ( from sqlalchemy import select
session.query(UserSettings)
.filter(UserSettings.keycloak_user_id == store.user_id) result = await session.execute(
.first() select(UserSettings).filter(
UserSettings.keycloak_user_id == store.user_id
) )
)
user_settings = result.scalars().first()
if not user_settings: if not user_settings:
# Return default settings # Return default settings
return Settings( return Settings(
@@ -74,29 +76,31 @@ def settings_store(session_maker, mock_config):
if 'secrets_store' in item_dict: if 'secrets_store' in item_dict:
del item_dict['secrets_store'] del item_dict['secrets_store']
# Continue with the original implementation # Encrypt the data before storing
with store.session_maker() as session:
existing = None
if item_dict:
store._encrypt_kwargs(item_dict) store._encrypt_kwargs(item_dict)
query = session.query(UserSettings).filter(
# Continue with the original implementation
from sqlalchemy import select
async with store.a_session_maker() as session:
result = await session.execute(
select(UserSettings).filter(
UserSettings.keycloak_user_id == store.user_id UserSettings.keycloak_user_id == store.user_id
) )
)
# First check if we have an existing entry in the new table existing = result.scalars().first()
existing = query.first()
if existing: if existing:
# Update existing entry # Update existing entry
for key, value in item_dict.items(): for key, value in item_dict.items():
if key in existing.__class__.__table__.columns: if key in existing.__class__.__table__.columns:
setattr(existing, key, value) setattr(existing, key, value)
session.merge(existing) await session.merge(existing)
else: else:
item_dict['keycloak_user_id'] = store.user_id item_dict['keycloak_user_id'] = store.user_id
settings = UserSettings(**item_dict) settings = UserSettings(**item_dict)
session.add(settings) session.add(settings)
session.commit() await session.commit()
# Replace the methods with our patched versions # Replace the methods with our patched versions
store.store = patched_store store.store = patched_store
@@ -125,25 +129,26 @@ async def test_store_and_load_keycloak_user(settings_store):
assert loaded_settings.agent == 'smith' assert loaded_settings.agent == 'smith'
# Verify it was stored in user_settings table with keycloak_user_id # Verify it was stored in user_settings table with keycloak_user_id
with settings_store.session_maker() as session: from sqlalchemy import select
stored = (
session.query(UserSettings) async with settings_store.a_session_maker() as session:
.filter( result = await session.execute(
select(UserSettings).filter(
UserSettings.keycloak_user_id == '550e8400-e29b-41d4-a716-446655440000' UserSettings.keycloak_user_id == '550e8400-e29b-41d4-a716-446655440000'
) )
.first()
) )
stored = result.scalars().first()
assert stored is not None assert stored is not None
assert stored.agent == 'smith' assert stored.agent == 'smith'
@pytest.mark.asyncio @pytest.mark.asyncio
async def test_load_returns_default_when_not_found(settings_store, session_maker): async def test_load_returns_default_when_not_found(settings_store, async_session_maker):
file_store = MagicMock() file_store = MagicMock()
file_store.read.side_effect = FileNotFoundError() file_store.read.side_effect = FileNotFoundError()
with ( with (
patch('storage.saas_settings_store.session_maker', session_maker), patch('storage.saas_settings_store.a_session_maker', async_session_maker),
): ):
loaded_settings = await settings_store.load() loaded_settings = await settings_store.load()
assert loaded_settings is not None assert loaded_settings is not None
@@ -164,14 +169,15 @@ async def test_encryption(settings_store):
email_verified=True, email_verified=True,
) )
await settings_store.store(settings) await settings_store.store(settings)
with settings_store.session_maker() as session: from sqlalchemy import select
stored = (
session.query(UserSettings) async with settings_store.a_session_maker() as session:
.filter( result = await session.execute(
select(UserSettings).filter(
UserSettings.keycloak_user_id == '5594c7b6-f959-4b81-92e9-b09c206f5081' UserSettings.keycloak_user_id == '5594c7b6-f959-4b81-92e9-b09c206f5081'
) )
.first()
) )
stored = result.scalars().first()
# The stored key should be encrypted # The stored key should be encrypted
assert stored.llm_api_key != 'secret_key' assert stored.llm_api_key != 'secret_key'
# But we should be able to decrypt it when loading # But we should be able to decrypt it when loading
@@ -182,7 +188,7 @@ async def test_encryption(settings_store):
@pytest.mark.asyncio @pytest.mark.asyncio
async def test_ensure_api_key_keeps_valid_key(mock_config): async def test_ensure_api_key_keeps_valid_key(mock_config):
"""When the existing key is valid, it should be kept unchanged.""" """When the existing key is valid, it should be kept unchanged."""
store = SaasSettingsStore('test-user-id-123', MagicMock(), mock_config) store = SaasSettingsStore('test-user-id-123', mock_config)
existing_key = 'sk-existing-key' existing_key = 'sk-existing-key'
item = DataSettings( item = DataSettings(
llm_model='openhands/gpt-4', llm_api_key=SecretStr(existing_key) llm_model='openhands/gpt-4', llm_api_key=SecretStr(existing_key)
@@ -205,7 +211,7 @@ async def test_ensure_api_key_generates_new_key_when_verification_fails(
mock_config, mock_config,
): ):
"""When verification fails, a new key should be generated.""" """When verification fails, a new key should be generated."""
store = SaasSettingsStore('test-user-id-123', MagicMock(), mock_config) store = SaasSettingsStore('test-user-id-123', mock_config)
new_key = 'sk-new-key' new_key = 'sk-new-key'
item = DataSettings( item = DataSettings(
llm_model='openhands/gpt-4', llm_api_key=SecretStr('sk-invalid-key') llm_model='openhands/gpt-4', llm_api_key=SecretStr('sk-invalid-key')

10
enterprise/tests/unit/test_saas_user_auth.py
View File

@@ -370,7 +370,7 @@ async def test_saas_user_auth_from_bearer_success():
patch('server.auth.saas_user_auth.token_manager') as mock_token_manager, patch('server.auth.saas_user_auth.token_manager') as mock_token_manager,
): ):
mock_api_key_store = MagicMock() mock_api_key_store = MagicMock()
mock_api_key_store.validate_api_key.return_value = 'test_user_id' mock_api_key_store.validate_api_key = AsyncMock(return_value='test_user_id')
mock_api_key_store_cls.get_instance.return_value = mock_api_key_store mock_api_key_store_cls.get_instance.return_value = mock_api_key_store
mock_token_manager.load_offline_token = AsyncMock(return_value=offline_token) mock_token_manager.load_offline_token = AsyncMock(return_value=offline_token)
@@ -406,7 +406,7 @@ async def test_saas_user_auth_from_bearer_invalid_api_key():
with patch('server.auth.saas_user_auth.ApiKeyStore') as mock_api_key_store_cls: with patch('server.auth.saas_user_auth.ApiKeyStore') as mock_api_key_store_cls:
mock_api_key_store = MagicMock() mock_api_key_store = MagicMock()
mock_api_key_store.validate_api_key.return_value = None mock_api_key_store.validate_api_key = AsyncMock(return_value=None)
mock_api_key_store_cls.get_instance.return_value = mock_api_key_store mock_api_key_store_cls.get_instance.return_value = mock_api_key_store
result = await saas_user_auth_from_bearer(mock_request) result = await saas_user_auth_from_bearer(mock_request)
@@ -702,7 +702,7 @@ async def test_saas_user_auth_from_signed_token_blocked_domain(mock_config):
signed_token = jwt.encode(token_payload, 'test_secret', algorithm='HS256') signed_token = jwt.encode(token_payload, 'test_secret', algorithm='HS256')
with patch('server.auth.saas_user_auth.domain_blocker') as mock_domain_blocker: with patch('server.auth.saas_user_auth.domain_blocker') as mock_domain_blocker:
mock_domain_blocker.is_domain_blocked.return_value = True mock_domain_blocker.is_domain_blocked = AsyncMock(return_value=True)
# Act & Assert # Act & Assert
with pytest.raises(AuthError) as exc_info: with pytest.raises(AuthError) as exc_info:
@@ -731,7 +731,7 @@ async def test_saas_user_auth_from_signed_token_allowed_domain(mock_config):
signed_token = jwt.encode(token_payload, 'test_secret', algorithm='HS256') signed_token = jwt.encode(token_payload, 'test_secret', algorithm='HS256')
with patch('server.auth.saas_user_auth.domain_blocker') as mock_domain_blocker: with patch('server.auth.saas_user_auth.domain_blocker') as mock_domain_blocker:
mock_domain_blocker.is_domain_blocked.return_value = False mock_domain_blocker.is_domain_blocked = AsyncMock(return_value=False)
# Act # Act
result = await saas_user_auth_from_signed_token(signed_token) result = await saas_user_auth_from_signed_token(signed_token)
@@ -764,7 +764,7 @@ async def test_saas_user_auth_from_signed_token_domain_blocking_inactive(mock_co
signed_token = jwt.encode(token_payload, 'test_secret', algorithm='HS256') signed_token = jwt.encode(token_payload, 'test_secret', algorithm='HS256')
with patch('server.auth.saas_user_auth.domain_blocker') as mock_domain_blocker: with patch('server.auth.saas_user_auth.domain_blocker') as mock_domain_blocker:
mock_domain_blocker.is_domain_blocked.return_value = False mock_domain_blocker.is_domain_blocked = AsyncMock(return_value=False)
# Act # Act
result = await saas_user_auth_from_signed_token(signed_token) result = await saas_user_auth_from_signed_token(signed_token)

101
enterprise/tests/unit/test_token_manager.py
View File

@@ -3,37 +3,15 @@ from unittest.mock import AsyncMock, MagicMock, patch
import pytest import pytest
from keycloak.exceptions import KeycloakConnectionError, KeycloakError from keycloak.exceptions import KeycloakConnectionError, KeycloakError
from server.auth.token_manager import TokenManager from server.auth.token_manager import TokenManager
from sqlalchemy.orm import Session
from storage.offline_token_store import OfflineTokenStore
from storage.stored_offline_token import StoredOfflineToken
from openhands.core.config.openhands_config import OpenHandsConfig from openhands.core.config.openhands_config import OpenHandsConfig
@pytest.fixture
def mock_session():
session = MagicMock(spec=Session)
return session
@pytest.fixture
def mock_session_maker(mock_session):
session_maker = MagicMock()
session_maker.return_value.__enter__.return_value = mock_session
session_maker.return_value.__exit__.return_value = None
return session_maker
@pytest.fixture @pytest.fixture
def mock_config(): def mock_config():
return MagicMock(spec=OpenHandsConfig) return MagicMock(spec=OpenHandsConfig)
@pytest.fixture
def token_store(mock_session_maker, mock_config):
return OfflineTokenStore('test_user_id', mock_session_maker, mock_config)
@pytest.fixture @pytest.fixture
def token_manager(): def token_manager():
with patch('server.config.get_config') as mock_get_config: with patch('server.config.get_config') as mock_get_config:
@@ -42,83 +20,8 @@ def token_manager():
return TokenManager(external=False) return TokenManager(external=False)
@pytest.mark.asyncio # Offline token tests removed - they now live in test_offline_token_store.py
async def test_store_token_new_record(token_store, mock_session): # and use real async database fixtures
# Setup
mock_session.query.return_value.filter.return_value.first.return_value = None
test_token = 'test_offline_token'
# Execute
await token_store.store_token(test_token)
# Verify
mock_session.add.assert_called_once()
mock_session.commit.assert_called_once()
added_record = mock_session.add.call_args[0][0]
assert isinstance(added_record, StoredOfflineToken)
assert added_record.user_id == 'test_user_id'
assert added_record.offline_token == test_token
@pytest.mark.asyncio
async def test_store_token_existing_record(token_store, mock_session):
# Setup
existing_record = StoredOfflineToken(
user_id='test_user_id', offline_token='old_token'
)
mock_session.query.return_value.filter.return_value.first.return_value = (
existing_record
)
test_token = 'new_offline_token'
# Execute
await token_store.store_token(test_token)
# Verify
mock_session.add.assert_not_called()
mock_session.commit.assert_called_once()
assert existing_record.offline_token == test_token
@pytest.mark.asyncio
async def test_load_token_existing(token_store, mock_session):
# Setup
test_token = 'test_offline_token'
mock_session.query.return_value.filter.return_value.first.return_value = (
StoredOfflineToken(user_id='test_user_id', offline_token=test_token)
)
# Execute
result = await token_store.load_token()
# Verify
assert result == test_token
@pytest.mark.asyncio
async def test_load_token_not_found(token_store, mock_session):
# Setup
mock_session.query.return_value.filter.return_value.first.return_value = None
# Execute
result = await token_store.load_token()
# Verify
assert result is None
@pytest.mark.asyncio
async def test_get_instance(mock_config):
# Setup
test_user_id = 'test_user_id'
# Execute
result = await OfflineTokenStore.get_instance(mock_config, test_user_id)
# Verify
assert isinstance(result, OfflineTokenStore)
assert result.user_id == test_user_id
assert result.config == mock_config
class TestCheckDuplicateBaseEmail: class TestCheckDuplicateBaseEmail:

188
enterprise/tests/unit/test_user_repo_map_store.py Normal file
View File

@@ -0,0 +1,188 @@
import uuid
from unittest.mock import patch
import pytest
from sqlalchemy import select
from storage.user_repo_map import UserRepositoryMap
from storage.user_repo_map_store import UserRepositoryMapStore
@pytest.fixture
def user_repo_map_store():
return UserRepositoryMapStore(config=None)
@pytest.mark.asyncio
async def test_store_user_repo_mappings_empty_list(
user_repo_map_store, async_session_maker
):
"""Test storing empty list of mappings."""
# Should handle empty list gracefully
with patch(
'storage.user_repo_map_store.UserRepositoryMapStore.store_user_repo_mappings'
) as mock_method:
mock_method.return_value = None
result = await user_repo_map_store.store_user_repo_mappings([])
assert result is None
@pytest.mark.asyncio
async def test_store_user_repo_mappings_new_mappings(
user_repo_map_store, async_session_maker
):
"""Test storing new user-repository mappings in the database."""
# Setup - create mappings
user_id = str(uuid.uuid4())
mapping1 = UserRepositoryMap(
user_id=user_id,
repo_id='github##123',
admin=True,
)
mapping2 = UserRepositoryMap(
user_id=user_id,
repo_id='github##456',
admin=False,
)
# Execute - patch a_session_maker to use test's async session maker
with patch('storage.user_repo_map_store.a_session_maker', async_session_maker):
await user_repo_map_store.store_user_repo_mappings([mapping1, mapping2])
# Verify the mappings were stored
async with async_session_maker() as session:
result = await session.execute(
select(UserRepositoryMap).filter(
UserRepositoryMap.repo_id.in_(['github##123', 'github##456'])
)
)
mappings = result.scalars().all()
assert len(mappings) == 2
repo_ids = {m.repo_id for m in mappings}
assert 'github##123' in repo_ids
assert 'github##456' in repo_ids
@pytest.mark.asyncio
async def test_store_user_repo_mappings_update_existing(
user_repo_map_store, async_session_maker
):
"""Test updating existing user-repository mappings in the database."""
user_id = str(uuid.uuid4())
# Setup - create existing mapping
existing_mapping = UserRepositoryMap(
user_id=user_id,
repo_id='github##123',
admin=False,
)
async with async_session_maker() as session:
session.add(existing_mapping)
await session.commit()
# Execute - update the mapping with new values
updated_mapping = UserRepositoryMap(
user_id=user_id,
repo_id='github##123',
admin=True, # Changed from False
)
with patch('storage.user_repo_map_store.a_session_maker', async_session_maker):
await user_repo_map_store.store_user_repo_mappings([updated_mapping])
# Verify the mapping was updated
async with async_session_maker() as session:
result = await session.execute(
select(UserRepositoryMap).filter(
UserRepositoryMap.user_id == user_id,
UserRepositoryMap.repo_id == 'github##123',
)
)
mapping = result.scalars().first()
assert mapping is not None
assert mapping.admin is True
@pytest.mark.asyncio
async def test_store_user_repo_mappings_mixed_new_and_existing(
user_repo_map_store, async_session_maker
):
"""Test storing a mix of new and existing mappings."""
user_id = str(uuid.uuid4())
# Setup - create one existing mapping
existing_mapping = UserRepositoryMap(
user_id=user_id,
repo_id='github##123',
admin=False,
)
async with async_session_maker() as session:
session.add(existing_mapping)
await session.commit()
# Execute - store a mix of new and existing
mappings_to_store = [
UserRepositoryMap(
user_id=user_id,
repo_id='github##123',
admin=True, # Will update
),
UserRepositoryMap(
user_id=user_id,
repo_id='github##456',
admin=True,
),
]
with patch('storage.user_repo_map_store.a_session_maker', async_session_maker):
await user_repo_map_store.store_user_repo_mappings(mappings_to_store)
# Verify results
async with async_session_maker() as session:
result = await session.execute(
select(UserRepositoryMap).filter(
UserRepositoryMap.repo_id.in_(['github##123', 'github##456'])
)
)
mappings = result.scalars().all()
assert len(mappings) == 2
# Check the updated existing mapping
existing = next(m for m in mappings if m.repo_id == 'github##123')
assert existing.admin is True
# Check the new mapping
new = next(m for m in mappings if m.repo_id == 'github##456')
assert new.admin is True
@pytest.mark.asyncio
async def test_store_user_repo_mappings_different_users(
user_repo_map_store, async_session_maker
):
"""Test that mappings with different user IDs are stored separately."""
user_id1 = str(uuid.uuid4())
user_id2 = str(uuid.uuid4())
# Execute - store mappings for different users
mappings = [
UserRepositoryMap(user_id=user_id1, repo_id='github##123', admin=True),
UserRepositoryMap(user_id=user_id2, repo_id='github##123', admin=False),
]
with patch('storage.user_repo_map_store.a_session_maker', async_session_maker):
await user_repo_map_store.store_user_repo_mappings(mappings)
# Verify results
async with async_session_maker() as session:
result = await session.execute(
select(UserRepositoryMap).filter(UserRepositoryMap.repo_id == 'github##123')
)
mappings = result.scalars().all()
assert len(mappings) == 2
# Check both users have correct admin values
admin_values = {m.user_id: m.admin for m in mappings}
assert admin_values[user_id1] is True
assert admin_values[user_id2] is False

1
openhands/integrations/provider.py
View File

@@ -246,7 +246,6 @@ class ProviderHandler:
""" """
Get repositories from providers Get repositories from providers
""" """
if selected_provider: if selected_provider:
if not page or not per_page: if not page or not per_page:
raise ValueError('Failed to provider params for paginating repos') raise ValueError('Failed to provider params for paginating repos')

1
openhands/server/routes/git.py
View File

@@ -89,7 +89,6 @@ async def get_user_repositories(
external_auth_token=access_token, external_auth_token=access_token,
external_auth_id=user_id, external_auth_id=user_id,
) )
try: try:
return await client.get_repositories( return await client.get_repositories(
sort, sort,