mirror of https://github.com/Nezreka/SoulSync.git
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
32 lines
1.1 KiB
32 lines
1.1 KiB
"""Forward-auth proxy header trust (Tier 3): OFF by default → no-op; when the
|
|
operator configures a header, a request carrying it is treated as authenticated."""
|
|
|
|
from __future__ import annotations
|
|
|
|
from core.security.auth_proxy import trusted_proxy_user
|
|
|
|
|
|
def _headers(d):
|
|
return lambda name: d.get(name)
|
|
|
|
|
|
def test_off_when_no_header_configured():
|
|
# empty header name → feature disabled → always None (direct install unaffected)
|
|
assert trusted_proxy_user(_headers({'Remote-User': 'alice'}), '') is None
|
|
assert trusted_proxy_user(_headers({'Remote-User': 'alice'}), None) is None
|
|
|
|
|
|
def test_returns_user_when_header_present():
|
|
assert trusted_proxy_user(_headers({'Remote-User': 'alice'}), 'Remote-User') == 'alice'
|
|
|
|
|
|
def test_none_when_configured_header_absent_or_blank():
|
|
assert trusted_proxy_user(_headers({}), 'Remote-User') is None
|
|
assert trusted_proxy_user(_headers({'Remote-User': ' '}), 'Remote-User') is None
|
|
|
|
|
|
def test_get_header_exception_is_safe():
|
|
def boom(_name):
|
|
raise RuntimeError('header lookup blew up')
|
|
assert trusted_proxy_user(boom, 'Remote-User') is None
|