Adriano/Cerbero-mcp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c94312d79fd9c33e0e89aaa48e4a579457c68004
Cerbero-mcp/tests/unit/test_auth.py
T
AdrianoDev 69ac878893 feat(V2): X-Bot-Tag header obbligatorio + endpoint /admin/audit con filtri 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 08:51:40 +02:00

175 lines
4.9 KiB
Python
Raw Blame History

from fastapi import FastAPI, Request
from fastapi.testclient import TestClient
def test_health_no_auth_required():
from cerbero_mcp.auth import install_auth_middleware
fa = FastAPI()
install_auth_middleware(fa, testnet_token="t", mainnet_token="m")
@fa.get("/health")
def h():
return {"ok": True}
c = TestClient(fa)
r = c.get("/health")
assert r.status_code == 200
def test_apidocs_no_auth_required():
from cerbero_mcp.auth import install_auth_middleware
fa = FastAPI(docs_url="/apidocs")
install_auth_middleware(fa, testnet_token="t", mainnet_token="m")
c = TestClient(fa)
r = c.get("/apidocs")
assert r.status_code == 200
r = c.get("/openapi.json")
assert r.status_code == 200
def test_missing_authorization_header_401():
from cerbero_mcp.auth import install_auth_middleware
fa = FastAPI()
install_auth_middleware(fa, testnet_token="t", mainnet_token="m")
@fa.get("/mcp-deribit/health")
def h():
return {"ok": True}
c = TestClient(fa)
r = c.get("/mcp-deribit/health")
assert r.status_code == 401
def test_invalid_bearer_401():
from cerbero_mcp.auth import install_auth_middleware
fa = FastAPI()
install_auth_middleware(fa, testnet_token="t", mainnet_token="m")
@fa.get("/mcp-deribit/health")
def h():
return {"ok": True}
c = TestClient(fa)
r = c.get("/mcp-deribit/health", headers={"Authorization": "Bearer wrong"})
assert r.status_code == 401
def test_testnet_token_sets_env_testnet():
from cerbero_mcp.auth import install_auth_middleware
fa = FastAPI()
install_auth_middleware(fa, testnet_token="tk_test", mainnet_token="tk_live")
@fa.get("/mcp-deribit/peek")
def peek(request: Request):
return {"env": request.state.environment}
c = TestClient(fa)
r = c.get(
"/mcp-deribit/peek",
headers={"Authorization": "Bearer tk_test", "X-Bot-Tag": "test-bot"},
)
assert r.status_code == 200
assert r.json() == {"env": "testnet"}
def test_mainnet_token_sets_env_mainnet():
from cerbero_mcp.auth import install_auth_middleware
fa = FastAPI()
install_auth_middleware(fa, testnet_token="tk_test", mainnet_token="tk_live")
@fa.get("/mcp-deribit/peek")
def peek(request: Request):
return {"env": request.state.environment}
c = TestClient(fa)
r = c.get(
"/mcp-deribit/peek",
headers={"Authorization": "Bearer tk_live", "X-Bot-Tag": "test-bot"},
)
assert r.status_code == 200
assert r.json() == {"env": "mainnet"}
def test_uses_compare_digest():
"""Verifica che _check_token usi secrets.compare_digest (timing-safe)."""
import inspect
from cerbero_mcp import auth
src = inspect.getsource(auth)
assert "compare_digest" in src, "auth.py deve usare secrets.compare_digest"
# ── X-Bot-Tag header ─────────────────────────────────────────────────────────
def test_missing_bot_tag_returns_400():
from cerbero_mcp.auth import install_auth_middleware
fa = FastAPI()
install_auth_middleware(fa, testnet_token="t", mainnet_token="m")
@fa.get("/mcp-deribit/health")
def h():
return {"ok": True}
c = TestClient(fa)
r = c.get("/mcp-deribit/health", headers={"Authorization": "Bearer t"})
assert r.status_code == 400
assert "X-Bot-Tag" in r.json()["error"]["message"]
def test_bot_tag_accepted_and_set_on_state():
from cerbero_mcp.auth import install_auth_middleware
fa = FastAPI()
install_auth_middleware(fa, testnet_token="t", mainnet_token="m")
@fa.get("/mcp-deribit/peek")
def peek(request: Request):
return {
"env": request.state.environment,
"bot_tag": request.state.bot_tag,
}
c = TestClient(fa)
r = c.get(
"/mcp-deribit/peek",
headers={"Authorization": "Bearer t", "X-Bot-Tag": "scanner-alpha"},
)
assert r.status_code == 200
assert r.json() == {"env": "testnet", "bot_tag": "scanner-alpha"}
def test_bot_tag_too_long_returns_400():
from cerbero_mcp.auth import install_auth_middleware
fa = FastAPI()
install_auth_middleware(fa, testnet_token="t", mainnet_token="m")
@fa.get("/mcp-deribit/health")
def h():
return {"ok": True}
c = TestClient(fa)
r = c.get(
"/mcp-deribit/health",
headers={"Authorization": "Bearer t", "X-Bot-Tag": "x" * 65},
)
assert r.status_code == 400
def test_bot_tag_not_required_on_health():
"""Health endpoint deve restare senza auth e senza bot tag."""
from cerbero_mcp.auth import install_auth_middleware
fa = FastAPI()
install_auth_middleware(fa, testnet_token="t", mainnet_token="m")
@fa.get("/health")
def h():
return {"ok": True}
c = TestClient(fa)
r = c.get("/health")
assert r.status_code == 200
Reference in New Issue View Git Blame Copy Permalink