Salastil/odysseus
1
0
Fork 0
mirror of https://github.com/pewdiepie-archdaemon/odysseus.git synced 2026-06-17 02:05:22 -04:00
Code Issues Packages Projects Releases Wiki Activity

Allow cookbook scopes for API tokens (#3090)

Browse Source 
Co-authored-by: Alexandre Teixeira <111787685+alteixeira20@users.noreply.github.com>
This commit is contained in:
arnodecorte
2026-06-09 22:03:40 +02:00
committed by GitHub
parent fbd8ee9033
commit 38dc9a0a41
2 changed files with 31 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
routes/api_token_routes.py
+1
View File
@@ -67,6 +67,7 @@ def _normalize_scopes(scopes: str | list[str] | None = None, profile: str | None
ensure_before("calendar:write", "calendar:read") ensure_before("calendar:write", "calendar:read")
ensure_before("memory:write", "memory:read") ensure_before("memory:write", "memory:read")
ensure_before("email:draft", "email:read") ensure_before("email:draft", "email:read")
ensure_before("cookbook:launch", "cookbook:read")
return normalized or [DEFAULT_SCOPES] return normalized or [DEFAULT_SCOPES]
tests/test_api_token_routes.py
+30
View File
@@ -192,6 +192,36 @@ def test_create_token_attributes_owner_hashes_secret_and_returns_raw_once(monkey
invalidator.assert_called_once() invalidator.assert_called_once()
def test_create_token_accepts_cookbook_read_scope(monkeypatch, token_routes_mod):
monkeypatch.setenv("AUTH_ENABLED", "true")
mod = token_routes_mod
fake_session = MagicMock()
monkeypatch.setattr(mod, "get_db_session", lambda: _db_ctx(fake_session))
monkeypatch.setattr(mod, "get_current_user", lambda req: req.state.current_user)
req = _req("alice", is_admin=True)
create_token = _get_handler(mod, "POST", "/tokens")
resp = create_token(request=req, name="cookbook-reader", scopes="cookbook:read")
assert resp["scopes"] == ["cookbook:read"]
def test_cookbook_launch_scope_implies_read(monkeypatch, token_routes_mod):
monkeypatch.setenv("AUTH_ENABLED", "true")
mod = token_routes_mod
fake_session = MagicMock()
monkeypatch.setattr(mod, "get_db_session", lambda: _db_ctx(fake_session))
monkeypatch.setattr(mod, "get_current_user", lambda req: req.state.current_user)
req = _req("alice", is_admin=True)
create_token = _get_handler(mod, "POST", "/tokens")
resp = create_token(request=req, name="cookbook-launcher", scopes="cookbook:launch")
assert resp["scopes"] == ["cookbook:read", "cookbook:launch"]
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
# 3. GET /api/tokens — safe display fields only, no hash or raw token # 3. GET /api/tokens — safe display fields only, no hash or raw token
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------