youngkingdom/dify
1
0
Fork 0
mirror of https://github.com/langgenius/dify.git synced 2026-05-27 20:36:18 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
9b25980b09308ef87757847f08c696fcb310f60b
dify/api/tests/unit_tests/controllers/openapi/auth/test_flow.py
GareArc 9b25980b09 feat(openapi): redesign auth pipeline — one pipeline per token type with PipelineRouter 
Replace the single mutable-context Pipeline with a two-phase, condition-driven
system dispatched by token type.

New architecture:
- TokenType(StrEnum) replaces source: str on AuthContext / TokenKind
- AuthPipeline: pure prepare→auth step runner; no guard()
- PipelineRoute: binds AuthPipeline to an optional required_edition gate
- PipelineRouter: single guard() entry point; runs edition/license/token-type
  pre-gates then dispatches to the registered pipeline for the token type
- Cond / When: composable predicates for conditional step dispatch
- AuthData: frozen Pydantic model produced by the prepare phase; carries
  token_id so endpoints don't need to call get_auth_ctx() for identity fields
- Edition enum + current_edition(): CE / EE / SAAS discriminator

Two pipelines in composition.py:
- account_pipeline  — OAUTH_ACCOUNT tokens
- external_sso_pipeline — OAUTH_EXTERNAL_SSO tokens (EE enforced at route level)

All /openapi/v1 endpoints migrated to auth_router.guard().
Old context.py, steps.py, strategies.py, surface_gate.py deleted.
WORKSPACE_READ scope added; cached_verdicts renamed to membership_cache.
2026-05-26 03:16:28 -07:00

43 lines
1.2 KiB
Python
Raw Blame History

import inspect
from controllers.openapi.auth.conditions import Cond
from controllers.openapi.auth.data import AuthData, RequestContext
from controllers.openapi.auth.flow import When
from libs.oauth_bearer import TokenType
def _ctx():
return RequestContext(token_type=TokenType.OAUTH_ACCOUNT, path_params={})
def _data():
return AuthData(token_type=TokenType.OAUTH_ACCOUNT, token_hash="x", scopes=frozenset())
def test_applies_returns_true_when_condition_true():
w = When(Cond(lambda ctx, _: True), then=lambda b: None)
assert w.applies(_ctx()) is True
def test_applies_returns_false_when_condition_false():
w = When(Cond(lambda ctx, _: False), then=lambda b: None)
assert w.applies(_ctx()) is False
def test_applies_with_data():
w = When(Cond(lambda ctx, data: data is not None), then=lambda b: None)
assert w.applies(_ctx(), _data()) is True
assert w.applies(_ctx(), None) is False
def test_call_invokes_step():
calls = []
w = When(Cond(lambda ctx, _: True), then=lambda arg: calls.append(arg))
w("payload")
assert calls == ["payload"]
def test_then_is_keyword_only():
sig = inspect.signature(When.__init__)
assert sig.parameters["then"].kind.name == "KEYWORD_ONLY"
Reference in New Issue View Git Blame Copy Permalink