cqrenet/aoc
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 31 Wiki Activity

Release v1.7.15: security hardening, async auth, CSP tightening, model validation, SSRF guard, rate limiting improvements, frontend extraction, Docker compose security
Release / build-and-push (push) Successful in 3m12s
Details

Browse Source
This commit is contained in:
Tomas Kracmar
2026-05-28 14:57:09 +02:00
parent fe95dfcfce
commit f7fca05210
18 changed files with 943 additions and 873 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/tests/test_api.py
+2 -2
View File
@@ -157,8 +157,8 @@ def test_saved_searches_delete_not_found(client, monkeypatch):
def test_saved_searches_create_validation(client, monkeypatch):
monkeypatch.setattr("auth.AUTH_ENABLED", False)
response = client.post("/api/saved-searches", json={"name": " ", "filters": {}})
assert response.status_code == 400
response = client.post("/api/saved-searches", json={"name": "", "filters": {}})
assert response.status_code == 422
def test_privacy_filtering_events_by_operation(client, mock_events_collection, monkeypatch):
backend/tests/test_ask.py
+1 -1
View File
@@ -141,7 +141,7 @@ class TestBuildEventQuery:
class TestAskEndpoint:
def test_ask_empty_question(self, client):
response = client.post("/api/ask", json={"question": ""})
assert response.status_code == 400
assert response.status_code == 422
def test_ask_no_events(self, client):
response = client.post("/api/ask", json={"question": "What happened to device NONEXISTENT in the last 3 days?"})
backend/tests/test_auth.py
+4 -3
View File
@@ -1,3 +1,4 @@
import asyncio
from unittest.mock import patch
import auth
@@ -28,19 +29,19 @@ def test_allowed_by_group():
@patch("auth.AUTH_ENABLED", False)
def test_require_auth_disabled():
claims = require_auth(None)
claims = asyncio.run(require_auth(None))
assert claims["sub"] == "anonymous"
@patch("auth.AUTH_ENABLED", True)
def test_require_auth_missing_header():
with pytest.raises(HTTPException) as exc_info:
require_auth(None)
asyncio.run(require_auth(None))
assert exc_info.value.status_code == 401
@patch("auth.AUTH_ENABLED", True)
def test_require_auth_invalid_bearer():
with pytest.raises(HTTPException) as exc_info:
require_auth("Basic abc")
asyncio.run(require_auth("Basic abc"))
assert exc_info.value.status_code == 401