update
This commit is contained in:
Ubuntu
@@ -3,8 +3,8 @@
|
||||
import pytest
|
||||
from fastapi.testclient import TestClient
|
||||
|
||||
from aegis_gitea_mcp.config import reset_settings
|
||||
from aegis_gitea_mcp.auth import reset_validator
|
||||
from aegis_gitea_mcp.config import reset_settings
|
||||
|
||||
|
||||
@pytest.fixture(autouse=True)
|
||||
@@ -40,6 +40,7 @@ def client(mock_env):
|
||||
"""Create test client."""
|
||||
# Import after setting env vars
|
||||
from aegis_gitea_mcp.server import app
|
||||
|
||||
return TestClient(app)
|
||||
|
||||
|
||||
@@ -47,13 +48,14 @@ def client(mock_env):
|
||||
def client_no_auth(mock_env_auth_disabled):
|
||||
"""Create test client with auth disabled."""
|
||||
from aegis_gitea_mcp.server import app
|
||||
|
||||
return TestClient(app)
|
||||
|
||||
|
||||
def test_root_endpoint(client):
|
||||
"""Test root endpoint returns server info."""
|
||||
response = client.get("/")
|
||||
|
||||
|
||||
assert response.status_code == 200
|
||||
data = response.json()
|
||||
assert data["name"] == "AegisGitea MCP Server"
|
||||
@@ -64,7 +66,7 @@ def test_root_endpoint(client):
|
||||
def test_health_endpoint(client):
|
||||
"""Test health check endpoint."""
|
||||
response = client.get("/health")
|
||||
|
||||
|
||||
assert response.status_code == 200
|
||||
data = response.json()
|
||||
assert data["status"] == "healthy"
|
||||
@@ -73,42 +75,41 @@ def test_health_endpoint(client):
|
||||
def test_health_endpoint_no_auth_required(client):
|
||||
"""Test that health check doesn't require authentication."""
|
||||
response = client.get("/health")
|
||||
|
||||
|
||||
# Should work without Authorization header
|
||||
assert response.status_code == 200
|
||||
|
||||
|
||||
def test_list_tools_without_auth(client):
|
||||
"""Test that /mcp/tools requires authentication."""
|
||||
"""Test that /mcp/tools is public (Mixed mode for ChatGPT)."""
|
||||
response = client.get("/mcp/tools")
|
||||
|
||||
assert response.status_code == 401
|
||||
|
||||
# Tool listing is public to support ChatGPT discovery
|
||||
assert response.status_code == 200
|
||||
data = response.json()
|
||||
assert "Authentication failed" in data["error"]
|
||||
assert "tools" in data
|
||||
|
||||
|
||||
def test_list_tools_with_invalid_key(client):
|
||||
"""Test /mcp/tools with invalid API key."""
|
||||
"""Test /mcp/tools works even with invalid key (public endpoint)."""
|
||||
response = client.get(
|
||||
"/mcp/tools",
|
||||
headers={"Authorization": "Bearer invalid-key-12345678901234567890123456789012"}
|
||||
headers={"Authorization": "Bearer invalid-key-12345678901234567890123456789012"},
|
||||
)
|
||||
|
||||
assert response.status_code == 401
|
||||
|
||||
# Tool listing is public, so even invalid keys can list tools
|
||||
assert response.status_code == 200
|
||||
|
||||
|
||||
def test_list_tools_with_valid_key(client, mock_env):
|
||||
"""Test /mcp/tools with valid API key."""
|
||||
response = client.get(
|
||||
"/mcp/tools",
|
||||
headers={"Authorization": f"Bearer {'a' * 64}"}
|
||||
)
|
||||
|
||||
response = client.get("/mcp/tools", headers={"Authorization": f"Bearer {'a' * 64}"})
|
||||
|
||||
assert response.status_code == 200
|
||||
data = response.json()
|
||||
assert "tools" in data
|
||||
assert len(data["tools"]) > 0
|
||||
|
||||
|
||||
# Check tool structure
|
||||
tool = data["tools"][0]
|
||||
assert "name" in tool
|
||||
@@ -118,10 +119,8 @@ def test_list_tools_with_valid_key(client, mock_env):
|
||||
|
||||
def test_list_tools_with_query_param(client):
|
||||
"""Test /mcp/tools with API key in query parameter."""
|
||||
response = client.get(
|
||||
f"/mcp/tools?api_key={'a' * 64}"
|
||||
)
|
||||
|
||||
response = client.get(f"/mcp/tools?api_key={'a' * 64}")
|
||||
|
||||
assert response.status_code == 200
|
||||
data = response.json()
|
||||
assert "tools" in data
|
||||
@@ -131,7 +130,7 @@ def test_list_tools_with_query_param(client):
|
||||
def test_list_tools_no_auth_when_disabled(client_no_auth):
|
||||
"""Test that /mcp/tools works without auth when disabled."""
|
||||
response = client_no_auth.get("/mcp/tools")
|
||||
|
||||
|
||||
# Should work without Authorization header when auth is disabled
|
||||
assert response.status_code == 200
|
||||
data = response.json()
|
||||
@@ -140,11 +139,8 @@ def test_list_tools_no_auth_when_disabled(client_no_auth):
|
||||
|
||||
def test_call_tool_without_auth(client):
|
||||
"""Test that /mcp/tool/call requires authentication."""
|
||||
response = client.post(
|
||||
"/mcp/tool/call",
|
||||
json={"tool": "list_repositories", "arguments": {}}
|
||||
)
|
||||
|
||||
response = client.post("/mcp/tool/call", json={"tool": "list_repositories", "arguments": {}})
|
||||
|
||||
assert response.status_code == 401
|
||||
|
||||
|
||||
@@ -153,9 +149,9 @@ def test_call_tool_with_invalid_key(client):
|
||||
response = client.post(
|
||||
"/mcp/tool/call",
|
||||
headers={"Authorization": "Bearer invalid-key-12345678901234567890123456789012"},
|
||||
json={"tool": "list_repositories", "arguments": {}}
|
||||
json={"tool": "list_repositories", "arguments": {}},
|
||||
)
|
||||
|
||||
|
||||
assert response.status_code == 401
|
||||
|
||||
|
||||
@@ -164,9 +160,10 @@ def test_call_nonexistent_tool(client):
|
||||
response = client.post(
|
||||
"/mcp/tool/call",
|
||||
headers={"Authorization": f"Bearer {'a' * 64}"},
|
||||
json={"tool": "nonexistent_tool", "arguments": {}}
|
||||
json={"tool": "nonexistent_tool", "arguments": {}},
|
||||
)
|
||||
|
||||
|
||||
# Tool not found returns 404 (auth passes but tool missing)
|
||||
assert response.status_code == 404
|
||||
data = response.json()
|
||||
assert "not found" in data["detail"].lower()
|
||||
@@ -175,43 +172,42 @@ def test_call_nonexistent_tool(client):
|
||||
def test_sse_endpoint_without_auth(client):
|
||||
"""Test that SSE endpoint requires authentication."""
|
||||
response = client.get("/mcp/sse")
|
||||
|
||||
|
||||
assert response.status_code == 401
|
||||
|
||||
|
||||
def test_auth_header_formats(client):
|
||||
"""Test various Authorization header formats."""
|
||||
"""Test various Authorization header formats on protected endpoint."""
|
||||
# Test with /mcp/tool/call since /mcp/tools is now public
|
||||
tool_data = {"tool": "list_repositories", "arguments": {}}
|
||||
|
||||
# Missing "Bearer" prefix
|
||||
response = client.get(
|
||||
"/mcp/tools",
|
||||
headers={"Authorization": "a" * 64}
|
||||
)
|
||||
response = client.post("/mcp/tool/call", headers={"Authorization": "a" * 64}, json=tool_data)
|
||||
assert response.status_code == 401
|
||||
|
||||
|
||||
# Wrong case
|
||||
response = client.get(
|
||||
"/mcp/tools",
|
||||
headers={"Authorization": "bearer " + "a" * 64}
|
||||
response = client.post(
|
||||
"/mcp/tool/call", headers={"Authorization": "bearer " + "a" * 64}, json=tool_data
|
||||
)
|
||||
assert response.status_code == 401
|
||||
|
||||
|
||||
# Extra spaces
|
||||
response = client.get(
|
||||
"/mcp/tools",
|
||||
headers={"Authorization": f"Bearer {'a' * 64}"}
|
||||
response = client.post(
|
||||
"/mcp/tool/call", headers={"Authorization": f"Bearer {'a' * 64}"}, json=tool_data
|
||||
)
|
||||
assert response.status_code == 401
|
||||
|
||||
|
||||
def test_rate_limiting(client):
|
||||
"""Test rate limiting after multiple failed auth attempts."""
|
||||
# Make 6 failed attempts
|
||||
tool_data = {"tool": "list_repositories", "arguments": {}}
|
||||
|
||||
# Make 6 failed attempts on protected endpoint
|
||||
for i in range(6):
|
||||
response = client.get(
|
||||
"/mcp/tools",
|
||||
headers={"Authorization": "Bearer " + "b" * 64}
|
||||
response = client.post(
|
||||
"/mcp/tool/call", headers={"Authorization": "Bearer " + "x" * 64}, json=tool_data
|
||||
)
|
||||
|
||||
|
||||
# Last response should mention rate limiting
|
||||
data = response.json()
|
||||
assert "Too many failed" in data["message"]
|
||||
|
||||
Reference in New Issue
Block a user