YunxiaoXu/ea-chatbot-lg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(backend): Refactor OIDC callback and auth dependency to correctly handle cookies and prefix all API routes with /api/v1.

Browse Source
This commit is contained in:
Yunxiao Xu
2026-02-12 01:26:28 -08:00
parent 49a9da7c0c
commit 0dfdef738d
6 changed files with 51 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
backend/tests/api/test_agent.py
View File

@@ -21,7 +21,7 @@ def auth_header(mock_user):
def test_stream_agent_unauthorized():
"""Test that streaming requires authentication."""
response = client.post("/chat/stream", json={"message": "hello"})
response = client.post("/api/v1/chat/stream", json={"message": "hello"})
assert response.status_code == 401
@pytest.mark.asyncio
@@ -52,7 +52,7 @@ async def test_stream_agent_success(auth_header, mock_user):
mock_session.get.return_value = mock_conv
# Using TestClient with a stream context
with client.stream("POST", "/chat/stream",
with client.stream("POST", "/api/v1/chat/stream",
json={"message": "hello", "thread_id": "t1"},
headers=auth_header) as response:
assert response.status_code == 200

21
backend/tests/api/test_api_auth.py
View File

@@ -26,7 +26,7 @@ def test_register_user_success():
mock_hm.create_user.return_value = User(id="1", username="new@example.com", display_name="New")
response = client.post(
"/auth/register",
"/api/v1/auth/register",
json={"email": "new@example.com", "password": "password123", "display_name": "New"}
)
@@ -39,7 +39,7 @@ def test_login_success():
mock_hm.authenticate_user.return_value = User(id="1", username="test@example.com")
response = client.post(
"/auth/login",
"/api/v1/auth/login",
data={"username": "test@example.com", "password": "password123"}
)
@@ -53,7 +53,7 @@ def test_login_invalid_credentials():
mock_hm.authenticate_user.return_value = None
response = client.post(
"/auth/login",
"/api/v1/auth/login",
data={"username": "test@example.com", "password": "wrongpassword"}
)
@@ -62,7 +62,7 @@ def test_login_invalid_credentials():
def test_protected_route_without_token():
"""Test that protected routes require a token."""
response = client.get("/auth/me")
response = client.get("/api/v1/auth/me")
assert response.status_code == 401
def test_oidc_login_redirect():
@@ -70,12 +70,12 @@ def test_oidc_login_redirect():
with patch("ea_chatbot.api.routers.auth.oidc_client") as mock_oidc:
mock_oidc.get_login_url.return_value = "https://oidc-provider.com/auth"
response = client.get("/auth/oidc/login")
response = client.get("/api/v1/auth/oidc/login")
assert response.status_code == 200
assert response.json()["url"] == "https://oidc-provider.com/auth"
def test_oidc_callback_success():
"""Test successful OIDC callback and JWT issuance."""
def test_oidc_callback_success_ajax():
"""Test successful OIDC callback and JWT issuance via AJAX."""
with patch("ea_chatbot.api.routers.auth.oidc_client") as mock_oidc, \
patch("ea_chatbot.api.routers.auth.history_manager") as mock_hm:
@@ -83,7 +83,10 @@ def test_oidc_callback_success():
mock_oidc.get_user_info.return_value = {"email": "sso@example.com", "name": "SSO User"}
mock_hm.sync_user_from_oidc.return_value = User(id="sso-123", username="sso@example.com", display_name="SSO User")
response = client.get("/auth/oidc/callback?code=some-code")
response = client.get(
"/api/v1/auth/oidc/callback?code=some-code",
headers={"Accept": "application/json"}
)
assert response.status_code == 200
assert "access_token" in response.json()
@@ -98,7 +101,7 @@ def test_get_me_success():
mock_hm.get_user_by_id.return_value = User(id="123", username="test@example.com", display_name="Test")
response = client.get(
"/auth/me",
"/api/v1/auth/me",
headers={"Authorization": f"Bearer {token}"}
)

10
backend/tests/api/test_api_history.py
View File

@@ -35,7 +35,7 @@ def test_get_conversations_success(auth_header, mock_user):
)
]
response = client.get("/conversations", headers=auth_header)
response = client.get("/api/v1/conversations", headers=auth_header)
assert response.status_code == 200
assert len(response.json()) == 1
@@ -53,7 +53,7 @@ def test_create_conversation_success(auth_header, mock_user):
)
response = client.post(
"/conversations",
"/api/v1/conversations",
json={"name": "New Conv"},
headers=auth_header
)
@@ -75,7 +75,7 @@ def test_get_messages_success(auth_header):
)
]
response = client.get("/conversations/c1/messages", headers=auth_header)
response = client.get("/api/v1/conversations/c1/messages", headers=auth_header)
assert response.status_code == 200
assert len(response.json()) == 1
@@ -86,7 +86,7 @@ def test_delete_conversation_success(auth_header):
with patch("ea_chatbot.api.routers.history.history_manager") as mock_hm:
mock_hm.delete_conversation.return_value = True
response = client.delete("/conversations/c1", headers=auth_header)
response = client.delete("/api/v1/conversations/c1", headers=auth_header)
assert response.status_code == 204
def test_get_plot_success(auth_header, mock_user):
@@ -109,7 +109,7 @@ def test_get_plot_success(auth_header, mock_user):
mock_session.get.side_effect = mock_get
response = client.get("/artifacts/plots/p1", headers=auth_header)
response = client.get("/api/v1/artifacts/plots/p1", headers=auth_header)
assert response.status_code == 200
assert response.content == b"fake-image-data"

2
backend/tests/api/test_persistence.py
View File

@@ -46,7 +46,7 @@ def test_persistence_integration_success(auth_header, mock_user):
mock_session.get.return_value = mock_conv
# Act
with client.stream("POST", "/chat/stream",
with client.stream("POST", "/api/v1/chat/stream",
json={"message": "persistence test", "thread_id": "t1"},
headers=auth_header) as response:
assert response.status_code == 200