mirror of
https://github.com/ipnet-mesh/meshcore-hub.git
synced 2026-05-18 07:15:59 +02:00
Louis King
9873aa202b
Remove the reverse-proxy header authentication pattern (X-Forwarded-User, X-Auth-Request-User, Basic auth forwarding) from the web dashboard. Admin access is now controlled solely by the WEB_ADMIN_ENABLED flag. - Remove web_trusted_proxy_hosts config field and ProxyHeadersMiddleware - Remove _is_authenticated_proxy_request() and api_proxy() 401 guard - Remove is_authenticated from SPA config JSON - Remove OAuth2 login/sign-out UI from admin pages and router - Remove auth_required i18n keys (en, nl) - Remove auth-related tests and fixtures - Delete docs/hosting/nginx-proxy-manager.md - Update README, AGENTS.md, .env.example, docs/i18n.md, agents docs-sync refs 572 tests pass, pre-commit clean.
150 lines
4.9 KiB
Python
150 lines
4.9 KiB
Python
"""Tests for admin web routes (SPA)."""
|
|
|
|
import json
|
|
from typing import Any
|
|
|
|
import pytest
|
|
from fastapi.testclient import TestClient
|
|
|
|
from meshcore_hub.web.app import create_app
|
|
|
|
from .conftest import MockHttpClient
|
|
|
|
|
|
@pytest.fixture
|
|
def admin_app(mock_http_client: MockHttpClient) -> Any:
|
|
"""Create a web app with admin enabled."""
|
|
app = create_app(
|
|
api_url="http://localhost:8000",
|
|
api_key="test-api-key",
|
|
network_name="Test Network",
|
|
network_city="Test City",
|
|
network_country="Test Country",
|
|
network_radio_config="Test Radio Config",
|
|
network_contact_email="test@example.com",
|
|
admin_enabled=True,
|
|
)
|
|
|
|
app.state.http_client = mock_http_client
|
|
|
|
return app
|
|
|
|
|
|
@pytest.fixture
|
|
def admin_app_disabled(mock_http_client: MockHttpClient) -> Any:
|
|
"""Create a web app with admin disabled."""
|
|
app = create_app(
|
|
api_url="http://localhost:8000",
|
|
api_key="test-api-key",
|
|
network_name="Test Network",
|
|
network_city="Test City",
|
|
network_country="Test Country",
|
|
network_radio_config="Test Radio Config",
|
|
network_contact_email="test@example.com",
|
|
admin_enabled=False,
|
|
)
|
|
|
|
app.state.http_client = mock_http_client
|
|
|
|
return app
|
|
|
|
|
|
@pytest.fixture
|
|
def admin_client(admin_app: Any, mock_http_client: MockHttpClient) -> TestClient:
|
|
"""Create a test client with admin enabled."""
|
|
admin_app.state.http_client = mock_http_client
|
|
return TestClient(admin_app, raise_server_exceptions=True)
|
|
|
|
|
|
@pytest.fixture
|
|
def admin_client_disabled(
|
|
admin_app_disabled: Any, mock_http_client: MockHttpClient
|
|
) -> TestClient:
|
|
"""Create a test client with admin disabled."""
|
|
admin_app_disabled.state.http_client = mock_http_client
|
|
return TestClient(admin_app_disabled, raise_server_exceptions=True)
|
|
|
|
|
|
class TestAdminHome:
|
|
"""Tests for admin home page (SPA).
|
|
|
|
In the SPA architecture, admin routes serve the same shell HTML.
|
|
Admin access control is handled client-side based on
|
|
window.__APP_CONFIG__.admin_enabled.
|
|
"""
|
|
|
|
def test_admin_home_returns_spa_shell(self, admin_client):
|
|
"""Test admin home page returns the SPA shell."""
|
|
response = admin_client.get("/a/")
|
|
assert response.status_code == 200
|
|
assert "window.__APP_CONFIG__" in response.text
|
|
|
|
def test_admin_home_config_admin_enabled(self, admin_client):
|
|
"""Test admin config shows admin_enabled: true."""
|
|
response = admin_client.get("/a/")
|
|
text = response.text
|
|
config_start = text.find("window.__APP_CONFIG__ = ") + len(
|
|
"window.__APP_CONFIG__ = "
|
|
)
|
|
config_end = text.find(";", config_start)
|
|
config = json.loads(text[config_start:config_end])
|
|
|
|
assert config["admin_enabled"] is True
|
|
|
|
def test_admin_home_disabled_returns_spa_shell(
|
|
self,
|
|
admin_client_disabled,
|
|
):
|
|
"""Test admin page returns SPA shell even when disabled.
|
|
|
|
The SPA catch-all serves the shell for all routes.
|
|
Client-side code checks admin_enabled to show/hide admin UI.
|
|
"""
|
|
response = admin_client_disabled.get("/a/")
|
|
assert response.status_code == 200
|
|
assert "window.__APP_CONFIG__" in response.text
|
|
|
|
|
|
class TestAdminNodeTags:
|
|
"""Tests for admin node tags page (SPA)."""
|
|
|
|
def test_node_tags_page_returns_spa_shell(self, admin_client):
|
|
"""Test node tags page returns the SPA shell."""
|
|
response = admin_client.get("/a/node-tags")
|
|
assert response.status_code == 200
|
|
assert "window.__APP_CONFIG__" in response.text
|
|
|
|
def test_node_tags_page_with_public_key(self, admin_client):
|
|
"""Test node tags page with public_key param returns SPA shell."""
|
|
response = admin_client.get(
|
|
"/a/node-tags?public_key=abc123def456abc123def456abc123de",
|
|
)
|
|
assert response.status_code == 200
|
|
assert "window.__APP_CONFIG__" in response.text
|
|
|
|
def test_node_tags_page_disabled_returns_spa_shell(
|
|
self,
|
|
admin_client_disabled,
|
|
):
|
|
"""Test node tags page returns SPA shell even when admin is disabled."""
|
|
response = admin_client_disabled.get("/a/node-tags")
|
|
assert response.status_code == 200
|
|
assert "window.__APP_CONFIG__" in response.text
|
|
|
|
|
|
class TestAdminFooterLink:
|
|
"""Tests for admin link in footer."""
|
|
|
|
def test_admin_link_visible_when_enabled(self, admin_client):
|
|
"""Test that admin link appears in footer when enabled."""
|
|
response = admin_client.get("/")
|
|
assert response.status_code == 200
|
|
assert 'href="/a/"' in response.text
|
|
assert "Admin" in response.text
|
|
|
|
def test_admin_link_hidden_when_disabled(self, admin_client_disabled):
|
|
"""Test that admin link does not appear in footer when disabled."""
|
|
response = admin_client_disabled.get("/")
|
|
assert response.status_code == 200
|
|
assert 'href="/a/"' not in response.text
|