* Add simple Basic auth
  To enable basic authentication, set `server.auth.enabled` to true. The static string defined in `server.auth.secret` must be sent in the `Authorization` header. The health check endpoint is always accessible, regardless of the API auth configuration.
* Fix linting and type check
* Fighting with mypy being too restrictive
  Had to disable mypy in `auth` because we are not using the same signature for the `authenticated` method in both branches. mypy was complaining that the signatures of `authenticated` must be identical, no matter which logical branch we are in. Given that fastapi accommodates differing method signatures (it injects the dependencies into the method call), this mypy warning is actually preventing us from doing something legitimate. mypy doc: https://mypy.readthedocs.io/en/stable/common_issues.html
* Write tests to verify that the simple auth is working
"""Tests to validate that the simple authentication mechanism is working.

NOTE: We are not testing the switch based on the config in
`private_gpt.server.utils.auth`. This is not done because of the way the code
is currently architected (it is hard to patch the `settings` and the app while
the tests are directly importing them).
"""
from typing import Annotated
import pytest
from fastapi import Depends, FastAPI
from fastapi.testclient import TestClient
from private_gpt.server.utils.auth import (
NOT_AUTHENTICATED,
_simple_authentication,
authenticated,
)
from private_gpt.settings.settings import settings
def _copy_simple_authenticated(
    _simple_authentication: Annotated[bool, Depends(_simple_authentication)]
) -> bool:
    """Test-local stand-in for the ``authenticated`` dependency.

    FastAPI resolves the imported ``_simple_authentication`` dependency and
    passes its boolean result in under the same name.

    Returns:
        ``True`` when the injected result is truthy.

    Raises:
        NOT_AUTHENTICATED: when the injected result is falsy.
    """
    # NOTE(review): presumably a copy of the "auth enabled" branch of
    # `private_gpt.server.utils.auth.authenticated` - confirm it stays in sync,
    # otherwise these tests exercise logic the server does not run.
    if _simple_authentication:
        return True
    raise NOT_AUTHENTICATED
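@pytest.fixture(autouse=True)
def _patch_authenticated_dependency(current_test_app: FastAPI):
    """Route the app's ``authenticated`` dependency to the simple-auth copy.

    The fixture is autouse, so every test in this module runs with
    ``_copy_simple_authenticated`` enforcing the check. On teardown only the
    entry this fixture touched is put back. Resetting the whole mapping would
    also drop overrides that other fixtures installed on the same app.
    """
    # Remember what was registered before, so teardown can restore it.
    previous = current_test_app.dependency_overrides.get(authenticated)

    # Patch the server to use simple authentication
    current_test_app.dependency_overrides[authenticated] = _copy_simple_authenticated

    # Call the actual test
    yield

    # Undo only our own change, so that auth enforcement neither leaks into
    # other tests nor strips overrides they depend on.
    overrides = current_test_app.dependency_overrides
    if previous is None:
        overrides.pop(authenticated, None)
    else:
        overrides[authenticated] = previous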
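def test_default_auth_working_when_enabled_401(test_client: TestClient) -> None:
    """Reject requests whose ``Authorization`` header is missing or wrong.

    Two cases are checked against ``/v1/ingest/list``: no header at all, and a
    header whose value differs from ``settings.server.auth.secret``. Without
    the second case, a check that accepts any non-empty header would still
    pass the suite.
    """
    missing_header = test_client.get("/v1/ingest/list")
    assert missing_header.status_code == 401

    # Constructed value: the configured secret plus a suffix, so it can never
    # be equal to the real secret.
    wrong_secret = f"{settings.server.auth.secret}-invalid"
    wrong_header = test_client.get(
        "/v1/ingest/list", headers={"Authorization": wrong_secret}
    )
    assert wrong_header.status_code == 401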
def test_default_auth_working_when_enabled_200(test_client: TestClient) -> None:
    """Check that the configured secret turns a 401 into a 200.

    The same endpoint is requested twice: first without credentials (expected
    401), then with ``settings.server.auth.secret`` sent verbatim as the
    ``Authorization`` header value (expected 200).
    """
    endpoint = "/v1/ingest/list"

    # Baseline: the endpoint is protected when no header is supplied.
    unauthorized = test_client.get(endpoint)
    assert unauthorized.status_code == 401

    # Same request, now carrying the static secret from the settings.
    auth_headers = {"Authorization": settings.server.auth.secret}
    authorized = test_client.get(endpoint, headers=auth_headers)
    assert authorized.status_code == 200