ci: fix AttributeError: 'Flask' object has no attribute 'login_manager' FAILED #33891 (#33896)

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-05-02 08:28:03 +08:00 · 2026-03-23 21:27:14 +09:00
parent 8b6fc07019
commit d956b919a0
13 changed files with 1792 additions and 1726 deletions
--- a/api/tests/test_containers_integration_tests/controllers/console/auth/test_data_source_bearer_auth.py
+++ b/api/tests/test_containers_integration_tests/controllers/console/auth/test_data_source_bearer_auth.py
@ -0,0 +1,131 @@
+"""Controller integration tests for API key data source auth routes."""
+
+import json
+from unittest.mock import patch
+
+from flask.testing import FlaskClient
+from sqlalchemy import select
+from sqlalchemy.orm import Session
+
+from models.source import DataSourceApiKeyAuthBinding
+from tests.test_containers_integration_tests.controllers.console.helpers import (
+    authenticate_console_client,
+    create_console_account_and_tenant,
+)
+
+
+def test_get_api_key_auth_data_source(
+    db_session_with_containers: Session,
+    test_client_with_containers: FlaskClient,
+) -> None:
+    account, tenant = create_console_account_and_tenant(db_session_with_containers)
+    binding = DataSourceApiKeyAuthBinding(
+        tenant_id=tenant.id,
+        category="api_key",
+        provider="custom_provider",
+        credentials=json.dumps({"auth_type": "api_key", "config": {"api_key": "encrypted"}}),
+        disabled=False,
+    )
+    db_session_with_containers.add(binding)
+    db_session_with_containers.commit()
+
+    response = test_client_with_containers.get(
+        "/console/api/api-key-auth/data-source",
+        headers=authenticate_console_client(test_client_with_containers, account),
+    )
+
+    assert response.status_code == 200
+    payload = response.get_json()
+    assert payload is not None
+    assert len(payload["sources"]) == 1
+    assert payload["sources"][0]["provider"] == "custom_provider"
+
+
+def test_get_api_key_auth_data_source_empty(
+    db_session_with_containers: Session,
+    test_client_with_containers: FlaskClient,
+) -> None:
+    account, _tenant = create_console_account_and_tenant(db_session_with_containers)
+
+    response = test_client_with_containers.get(
+        "/console/api/api-key-auth/data-source",
+        headers=authenticate_console_client(test_client_with_containers, account),
+    )
+
+    assert response.status_code == 200
+    assert response.get_json() == {"sources": []}
+
+
+def test_create_binding_successful(
+    db_session_with_containers: Session,
+    test_client_with_containers: FlaskClient,
+) -> None:
+    account, _tenant = create_console_account_and_tenant(db_session_with_containers)
+
+    with (
+        patch("controllers.console.auth.data_source_bearer_auth.ApiKeyAuthService.validate_api_key_auth_args"),
+        patch("controllers.console.auth.data_source_bearer_auth.ApiKeyAuthService.create_provider_auth"),
+    ):
+        response = test_client_with_containers.post(
+            "/console/api/api-key-auth/data-source/binding",
+            json={"category": "api_key", "provider": "custom", "credentials": {"key": "value"}},
+            headers=authenticate_console_client(test_client_with_containers, account),
+        )
+
+    assert response.status_code == 200
+    assert response.get_json() == {"result": "success"}
+
+
+def test_create_binding_failure(
+    db_session_with_containers: Session,
+    test_client_with_containers: FlaskClient,
+) -> None:
+    account, _tenant = create_console_account_and_tenant(db_session_with_containers)
+
+    with (
+        patch("controllers.console.auth.data_source_bearer_auth.ApiKeyAuthService.validate_api_key_auth_args"),
+        patch(
+            "controllers.console.auth.data_source_bearer_auth.ApiKeyAuthService.create_provider_auth",
+            side_effect=ValueError("Invalid structure"),
+        ),
+    ):
+        response = test_client_with_containers.post(
+            "/console/api/api-key-auth/data-source/binding",
+            json={"category": "api_key", "provider": "custom", "credentials": {"key": "value"}},
+            headers=authenticate_console_client(test_client_with_containers, account),
+        )
+
+    assert response.status_code == 500
+    payload = response.get_json()
+    assert payload is not None
+    assert payload["code"] == "auth_failed"
+    assert payload["message"] == "Invalid structure"
+
+
+def test_delete_binding_successful(
+    db_session_with_containers: Session,
+    test_client_with_containers: FlaskClient,
+) -> None:
+    account, tenant = create_console_account_and_tenant(db_session_with_containers)
+    binding = DataSourceApiKeyAuthBinding(
+        tenant_id=tenant.id,
+        category="api_key",
+        provider="custom_provider",
+        credentials=json.dumps({"auth_type": "api_key", "config": {"api_key": "encrypted"}}),
+        disabled=False,
+    )
+    db_session_with_containers.add(binding)
+    db_session_with_containers.commit()
+
+    response = test_client_with_containers.delete(
+        f"/console/api/api-key-auth/data-source/{binding.id}",
+        headers=authenticate_console_client(test_client_with_containers, account),
+    )
+
+    assert response.status_code == 204
+    assert (
+        db_session_with_containers.scalar(
+            select(DataSourceApiKeyAuthBinding).where(DataSourceApiKeyAuthBinding.id == binding.id)
+        )
+        is None
+    )
--- a/api/tests/test_containers_integration_tests/controllers/console/auth/test_data_source_oauth.py
+++ b/api/tests/test_containers_integration_tests/controllers/console/auth/test_data_source_oauth.py
@ -0,0 +1,120 @@
+"""Controller integration tests for console OAuth data source routes."""
+
+from unittest.mock import MagicMock, patch
+
+from flask.testing import FlaskClient
+from sqlalchemy.orm import Session
+
+from models.source import DataSourceOauthBinding
+from tests.test_containers_integration_tests.controllers.console.helpers import (
+    authenticate_console_client,
+    create_console_account_and_tenant,
+)
+
+
+def test_get_oauth_url_successful(
+    db_session_with_containers: Session,
+    test_client_with_containers: FlaskClient,
+) -> None:
+    account, tenant = create_console_account_and_tenant(db_session_with_containers)
+    provider = MagicMock()
+    provider.get_authorization_url.return_value = "http://oauth.provider/auth"
+
+    with (
+        patch("controllers.console.auth.data_source_oauth.get_oauth_providers", return_value={"notion": provider}),
+        patch("controllers.console.auth.data_source_oauth.dify_config.NOTION_INTEGRATION_TYPE", None),
+    ):
+        response = test_client_with_containers.get(
+            "/console/api/oauth/data-source/notion",
+            headers=authenticate_console_client(test_client_with_containers, account),
+        )
+
+    assert tenant.id == account.current_tenant_id
+    assert response.status_code == 200
+    assert response.get_json() == {"data": "http://oauth.provider/auth"}
+    provider.get_authorization_url.assert_called_once()
+
+
+def test_get_oauth_url_invalid_provider(
+    db_session_with_containers: Session,
+    test_client_with_containers: FlaskClient,
+) -> None:
+    account, _tenant = create_console_account_and_tenant(db_session_with_containers)
+
+    with patch("controllers.console.auth.data_source_oauth.get_oauth_providers", return_value={"notion": MagicMock()}):
+        response = test_client_with_containers.get(
+            "/console/api/oauth/data-source/unknown_provider",
+            headers=authenticate_console_client(test_client_with_containers, account),
+        )
+
+    assert response.status_code == 400
+    assert response.get_json() == {"error": "Invalid provider"}
+
+
+def test_oauth_callback_successful(test_client_with_containers: FlaskClient) -> None:
+    with patch("controllers.console.auth.data_source_oauth.get_oauth_providers", return_value={"notion": MagicMock()}):
+        response = test_client_with_containers.get("/console/api/oauth/data-source/callback/notion?code=mock_code")
+
+    assert response.status_code == 302
+    assert "code=mock_code" in response.location
+
+
+def test_oauth_callback_missing_code(test_client_with_containers: FlaskClient) -> None:
+    with patch("controllers.console.auth.data_source_oauth.get_oauth_providers", return_value={"notion": MagicMock()}):
+        response = test_client_with_containers.get("/console/api/oauth/data-source/callback/notion")
+
+    assert response.status_code == 302
+    assert "error=Access%20denied" in response.location
+
+
+def test_oauth_callback_invalid_provider(test_client_with_containers: FlaskClient) -> None:
+    with patch("controllers.console.auth.data_source_oauth.get_oauth_providers", return_value={"notion": MagicMock()}):
+        response = test_client_with_containers.get("/console/api/oauth/data-source/callback/invalid?code=mock_code")
+
+    assert response.status_code == 400
+    assert response.get_json() == {"error": "Invalid provider"}
+
+
+def test_get_binding_successful(test_client_with_containers: FlaskClient) -> None:
+    provider = MagicMock()
+    with patch("controllers.console.auth.data_source_oauth.get_oauth_providers", return_value={"notion": provider}):
+        response = test_client_with_containers.get("/console/api/oauth/data-source/binding/notion?code=auth_code_123")
+
+    assert response.status_code == 200
+    assert response.get_json() == {"result": "success"}
+    provider.get_access_token.assert_called_once_with("auth_code_123")
+
+
+def test_get_binding_missing_code(test_client_with_containers: FlaskClient) -> None:
+    with patch("controllers.console.auth.data_source_oauth.get_oauth_providers", return_value={"notion": MagicMock()}):
+        response = test_client_with_containers.get("/console/api/oauth/data-source/binding/notion?code=")
+
+    assert response.status_code == 400
+    assert response.get_json() == {"error": "Invalid code"}
+
+
+def test_sync_successful(
+    db_session_with_containers: Session,
+    test_client_with_containers: FlaskClient,
+) -> None:
+    account, tenant = create_console_account_and_tenant(db_session_with_containers)
+    binding = DataSourceOauthBinding(
+        tenant_id=tenant.id,
+        access_token="test-access-token",
+        provider="notion",
+        source_info={"workspace_name": "Workspace", "workspace_icon": None, "workspace_id": tenant.id, "pages": []},
+        disabled=False,
+    )
+    db_session_with_containers.add(binding)
+    db_session_with_containers.commit()
+
+    provider = MagicMock()
+    with patch("controllers.console.auth.data_source_oauth.get_oauth_providers", return_value={"notion": provider}):
+        response = test_client_with_containers.get(
+            f"/console/api/oauth/data-source/notion/{binding.id}/sync",
+            headers=authenticate_console_client(test_client_with_containers, account),
+        )
+
+    assert response.status_code == 200
+    assert response.get_json() == {"result": "success"}
+    provider.sync_data_source.assert_called_once_with(binding.id)
--- a/api/tests/test_containers_integration_tests/controllers/console/auth/test_oauth_server.py
+++ b/api/tests/test_containers_integration_tests/controllers/console/auth/test_oauth_server.py
@ -0,0 +1,365 @@
+"""Controller integration tests for console OAuth server routes."""
+
+from unittest.mock import patch
+
+from flask.testing import FlaskClient
+from sqlalchemy.orm import Session
+
+from models.model import OAuthProviderApp
+from services.oauth_server import OAUTH_ACCESS_TOKEN_EXPIRES_IN
+from tests.test_containers_integration_tests.controllers.console.helpers import (
+    authenticate_console_client,
+    create_console_account_and_tenant,
+    ensure_dify_setup,
+)
+
+
+def _build_oauth_provider_app() -> OAuthProviderApp:
+    return OAuthProviderApp(
+        app_icon="icon_url",
+        client_id="test_client_id",
+        client_secret="test_secret",
+        app_label={"en-US": "Test App"},
+        redirect_uris=["http://localhost/callback"],
+        scope="read,write",
+    )
+
+
+def test_oauth_provider_successful_post(
+    db_session_with_containers: Session,
+    test_client_with_containers: FlaskClient,
+) -> None:
+    ensure_dify_setup(db_session_with_containers)
+
+    with patch(
+        "controllers.console.auth.oauth_server.OAuthServerService.get_oauth_provider_app",
+        return_value=_build_oauth_provider_app(),
+    ):
+        response = test_client_with_containers.post(
+            "/console/api/oauth/provider",
+            json={"client_id": "test_client_id", "redirect_uri": "http://localhost/callback"},
+        )
+
+    assert response.status_code == 200
+    payload = response.get_json()
+    assert payload is not None
+    assert payload["app_icon"] == "icon_url"
+    assert payload["app_label"] == {"en-US": "Test App"}
+    assert payload["scope"] == "read,write"
+
+
+def test_oauth_provider_invalid_redirect_uri(
+    db_session_with_containers: Session,
+    test_client_with_containers: FlaskClient,
+) -> None:
+    ensure_dify_setup(db_session_with_containers)
+
+    with patch(
+        "controllers.console.auth.oauth_server.OAuthServerService.get_oauth_provider_app",
+        return_value=_build_oauth_provider_app(),
+    ):
+        response = test_client_with_containers.post(
+            "/console/api/oauth/provider",
+            json={"client_id": "test_client_id", "redirect_uri": "http://invalid/callback"},
+        )
+
+    assert response.status_code == 400
+    payload = response.get_json()
+    assert payload is not None
+    assert "redirect_uri is invalid" in payload["message"]
+
+
+def test_oauth_provider_invalid_client_id(
+    db_session_with_containers: Session,
+    test_client_with_containers: FlaskClient,
+) -> None:
+    ensure_dify_setup(db_session_with_containers)
+
+    response = test_client_with_containers.post(
+        "/console/api/oauth/provider",
+        json={"client_id": "test_invalid_client_id", "redirect_uri": "http://localhost/callback"},
+    )
+
+    assert response.status_code == 404
+    payload = response.get_json()
+    assert payload is not None
+    assert "client_id is invalid" in payload["message"]
+
+
+def test_oauth_authorize_successful(
+    db_session_with_containers: Session,
+    test_client_with_containers: FlaskClient,
+) -> None:
+    account, _tenant = create_console_account_and_tenant(db_session_with_containers)
+
+    with (
+        patch(
+            "controllers.console.auth.oauth_server.OAuthServerService.get_oauth_provider_app",
+            return_value=_build_oauth_provider_app(),
+        ),
+        patch(
+            "controllers.console.auth.oauth_server.OAuthServerService.sign_oauth_authorization_code",
+            return_value="auth_code_123",
+        ) as mock_sign,
+    ):
+        response = test_client_with_containers.post(
+            "/console/api/oauth/provider/authorize",
+            json={"client_id": "test_client_id"},
+            headers=authenticate_console_client(test_client_with_containers, account),
+        )
+
+    assert response.status_code == 200
+    assert response.get_json() == {"code": "auth_code_123"}
+    mock_sign.assert_called_once_with("test_client_id", account.id)
+
+
+def test_oauth_token_authorization_code_grant(
+    db_session_with_containers: Session,
+    test_client_with_containers: FlaskClient,
+) -> None:
+    ensure_dify_setup(db_session_with_containers)
+
+    with (
+        patch(
+            "controllers.console.auth.oauth_server.OAuthServerService.get_oauth_provider_app",
+            return_value=_build_oauth_provider_app(),
+        ),
+        patch(
+            "controllers.console.auth.oauth_server.OAuthServerService.sign_oauth_access_token",
+            return_value=("access_123", "refresh_123"),
+        ),
+    ):
+        response = test_client_with_containers.post(
+            "/console/api/oauth/provider/token",
+            json={
+                "client_id": "test_client_id",
+                "grant_type": "authorization_code",
+                "code": "auth_code",
+                "client_secret": "test_secret",
+                "redirect_uri": "http://localhost/callback",
+            },
+        )
+
+    assert response.status_code == 200
+    assert response.get_json() == {
+        "access_token": "access_123",
+        "token_type": "Bearer",
+        "expires_in": OAUTH_ACCESS_TOKEN_EXPIRES_IN,
+        "refresh_token": "refresh_123",
+    }
+
+
+def test_oauth_token_authorization_code_grant_missing_code(
+    db_session_with_containers: Session,
+    test_client_with_containers: FlaskClient,
+) -> None:
+    ensure_dify_setup(db_session_with_containers)
+
+    with patch(
+        "controllers.console.auth.oauth_server.OAuthServerService.get_oauth_provider_app",
+        return_value=_build_oauth_provider_app(),
+    ):
+        response = test_client_with_containers.post(
+            "/console/api/oauth/provider/token",
+            json={
+                "client_id": "test_client_id",
+                "grant_type": "authorization_code",
+                "client_secret": "test_secret",
+                "redirect_uri": "http://localhost/callback",
+            },
+        )
+
+    assert response.status_code == 400
+    assert response.get_json()["message"] == "code is required"
+
+
+def test_oauth_token_authorization_code_grant_invalid_secret(
+    db_session_with_containers: Session,
+    test_client_with_containers: FlaskClient,
+) -> None:
+    ensure_dify_setup(db_session_with_containers)
+
+    with patch(
+        "controllers.console.auth.oauth_server.OAuthServerService.get_oauth_provider_app",
+        return_value=_build_oauth_provider_app(),
+    ):
+        response = test_client_with_containers.post(
+            "/console/api/oauth/provider/token",
+            json={
+                "client_id": "test_client_id",
+                "grant_type": "authorization_code",
+                "code": "auth_code",
+                "client_secret": "invalid_secret",
+                "redirect_uri": "http://localhost/callback",
+            },
+        )
+
+    assert response.status_code == 400
+    assert response.get_json()["message"] == "client_secret is invalid"
+
+
+def test_oauth_token_authorization_code_grant_invalid_redirect_uri(
+    db_session_with_containers: Session,
+    test_client_with_containers: FlaskClient,
+) -> None:
+    ensure_dify_setup(db_session_with_containers)
+
+    with patch(
+        "controllers.console.auth.oauth_server.OAuthServerService.get_oauth_provider_app",
+        return_value=_build_oauth_provider_app(),
+    ):
+        response = test_client_with_containers.post(
+            "/console/api/oauth/provider/token",
+            json={
+                "client_id": "test_client_id",
+                "grant_type": "authorization_code",
+                "code": "auth_code",
+                "client_secret": "test_secret",
+                "redirect_uri": "http://invalid/callback",
+            },
+        )
+
+    assert response.status_code == 400
+    assert response.get_json()["message"] == "redirect_uri is invalid"
+
+
+def test_oauth_token_refresh_token_grant(
+    db_session_with_containers: Session,
+    test_client_with_containers: FlaskClient,
+) -> None:
+    ensure_dify_setup(db_session_with_containers)
+
+    with (
+        patch(
+            "controllers.console.auth.oauth_server.OAuthServerService.get_oauth_provider_app",
+            return_value=_build_oauth_provider_app(),
+        ),
+        patch(
+            "controllers.console.auth.oauth_server.OAuthServerService.sign_oauth_access_token",
+            return_value=("new_access", "new_refresh"),
+        ),
+    ):
+        response = test_client_with_containers.post(
+            "/console/api/oauth/provider/token",
+            json={"client_id": "test_client_id", "grant_type": "refresh_token", "refresh_token": "refresh_123"},
+        )
+
+    assert response.status_code == 200
+    assert response.get_json() == {
+        "access_token": "new_access",
+        "token_type": "Bearer",
+        "expires_in": OAUTH_ACCESS_TOKEN_EXPIRES_IN,
+        "refresh_token": "new_refresh",
+    }
+
+
+def test_oauth_token_refresh_token_grant_missing_token(
+    db_session_with_containers: Session,
+    test_client_with_containers: FlaskClient,
+) -> None:
+    ensure_dify_setup(db_session_with_containers)
+
+    with patch(
+        "controllers.console.auth.oauth_server.OAuthServerService.get_oauth_provider_app",
+        return_value=_build_oauth_provider_app(),
+    ):
+        response = test_client_with_containers.post(
+            "/console/api/oauth/provider/token",
+            json={"client_id": "test_client_id", "grant_type": "refresh_token"},
+        )
+
+    assert response.status_code == 400
+    assert response.get_json()["message"] == "refresh_token is required"
+
+
+def test_oauth_token_invalid_grant_type(
+    db_session_with_containers: Session,
+    test_client_with_containers: FlaskClient,
+) -> None:
+    ensure_dify_setup(db_session_with_containers)
+
+    with patch(
+        "controllers.console.auth.oauth_server.OAuthServerService.get_oauth_provider_app",
+        return_value=_build_oauth_provider_app(),
+    ):
+        response = test_client_with_containers.post(
+            "/console/api/oauth/provider/token",
+            json={"client_id": "test_client_id", "grant_type": "invalid_grant"},
+        )
+
+    assert response.status_code == 400
+    assert response.get_json()["message"] == "invalid grant_type"
+
+
+def test_oauth_account_successful_retrieval(
+    db_session_with_containers: Session,
+    test_client_with_containers: FlaskClient,
+) -> None:
+    ensure_dify_setup(db_session_with_containers)
+    account, _tenant = create_console_account_and_tenant(db_session_with_containers)
+    account.avatar = "avatar_url"
+    db_session_with_containers.commit()
+
+    with (
+        patch(
+            "controllers.console.auth.oauth_server.OAuthServerService.get_oauth_provider_app",
+            return_value=_build_oauth_provider_app(),
+        ),
+        patch(
+            "controllers.console.auth.oauth_server.OAuthServerService.validate_oauth_access_token",
+            return_value=account,
+        ),
+    ):
+        response = test_client_with_containers.post(
+            "/console/api/oauth/provider/account",
+            json={"client_id": "test_client_id"},
+            headers={"Authorization": "Bearer valid_access_token"},
+        )
+
+    assert response.status_code == 200
+    assert response.get_json() == {
+        "name": "Test User",
+        "email": account.email,
+        "avatar": "avatar_url",
+        "interface_language": "en-US",
+        "timezone": "UTC",
+    }
+
+
+def test_oauth_account_missing_authorization_header(
+    db_session_with_containers: Session,
+    test_client_with_containers: FlaskClient,
+) -> None:
+    ensure_dify_setup(db_session_with_containers)
+
+    with patch(
+        "controllers.console.auth.oauth_server.OAuthServerService.get_oauth_provider_app",
+        return_value=_build_oauth_provider_app(),
+    ):
+        response = test_client_with_containers.post(
+            "/console/api/oauth/provider/account",
+            json={"client_id": "test_client_id"},
+        )
+
+    assert response.status_code == 401
+    assert response.get_json() == {"error": "Authorization header is required"}
+
+
+def test_oauth_account_invalid_authorization_header_format(
+    db_session_with_containers: Session,
+    test_client_with_containers: FlaskClient,
+) -> None:
+    ensure_dify_setup(db_session_with_containers)
+
+    with patch(
+        "controllers.console.auth.oauth_server.OAuthServerService.get_oauth_provider_app",
+        return_value=_build_oauth_provider_app(),
+    ):
+        response = test_client_with_containers.post(
+            "/console/api/oauth/provider/account",
+            json={"client_id": "test_client_id"},
+            headers={"Authorization": "InvalidFormat"},
+        )
+
+    assert response.status_code == 401
+    assert response.get_json() == {"error": "Invalid Authorization header format"}