ngskcloud
/
gcgj-dify-1.7.0
14
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main
deploy/rag-dev
feat/rag-2
deploy/dev
chore/plugin-error
feat/change-user-email-freezes-limit
feat/support-bool-variable-fe
feat/hitl-frontend
deploy/enterprise
feat/enchance-prompt-and-code-fe
build/oauth
feat/oauth
feature/smtp-oauth2-support
feat/human-input
build/plugin-auto-upgrade
test/performance
feat/tool-plugin-oauth
feat/tool-oauth
feat/email-update-frontend
temp-feat-owner-transfer-enterprise-frontend
feat/ownership-transfer-frontend
release/e-3.0.2
feat/plugin-auto-upgrade-fe
refactor/tanstack-form
chore/offline-the-sys-files
feat/rag-pipeline
feat/r2
release/e-3.2.0
wtw/rag-pipeline
feat/add-retrival-field-in-dataset
feat/datasource
e-260
revert-20786-fix/add_postgres_user
feat/webapp-verified-sso-main
fix/app-not-published-error
feat/webapp-verified-sso-260
release/0.15-support
fix/20421
v141-hotfix
fix/20326-tool-invoke-error-instance-account
fix/19933-account-object-has-no-attribute-_current_tenant-when-workflow-uses-workflow-as-tool-node
hotfix/0519
fix/e-legacy-clean-up
QuantumGhost-patch-1
fix/admin-permission
fix/e-admin-permission
feat/model-memory
feat/webapp-auth-api
1.0.0-fix
revert-17133-fix/i16990-text-to-language-settings
e-0156
release/1.1.3-fix1
hotfix/translation-fix
fix/slider-style-error
e-0154
release/0.15.6-alpha-1
cohere/cleanup-free-tenants-logs
release/1.0.1-fix1
release/1.0.0-fix1
chore/auto-dify
fix/rag-infinity-spaces-loop
fix/dataset-admin
fix/expose-debugging-port
dev/plugin-deploy
fix/tool-info
fix/aws-s3-r2-compatible
feat/knowledge-metabase
fix/fail-branch-stream-output-error
release/0.15.3-fix1
feat/14009-feature-request-support-for-retrieving-historical-conversations-without-from-enduser-id
fix/build-error
chore/infrastructure-upgrade
feat/upgrade-unstructured-version-10.2
feat/classnames-sort
feat/upgrade-unstructured-version
fix/version-check
fix/handle-agent-none-value
fix/agent-params-pasring
fix/agent-parallel
feat/knowledge-dark-mode
feat/custom-tool-input
release/0.15.2-fix1
0.15.1-admin-apis
feat/support-docx-image-view
chore/upgrade-next
hotfix/get-property-of-string-type-cause-page-crash
feat/agent-stream-output
feat/workflow-node-dark-mode
fix/not-show-strategy-type
fix/switch-strategy-clean-param
fix/chore-fix
opik-monitoring
provider-gpustack
feat/mecab-japanese-keywords
feat/retry-single-step-debug
revert-12086-feat/parent-child-retrieval
fix/remove-the-retry-index-field
fix/11839
feat/node-execution-retry
feat/support-extractor-tools-update-wip
feat/update-tidb-batchget-endpoint
fix/iteration-thread-pool-error
feat/support-multi-token-count
feat/parent-child-retrieval-api
fix/app-icon-is-missing
feat/support-extractor-tools-update
test/disable_site
build/add-dependabot
feat/support-extractor-tools
fix/docx-extract-image-ssrf
fix/redis-slow-in-gevent
fix/9772-internal-server-error-when-custom-disclaimer-longer-than-64-characters
alert-autofix-89
build/eslint-react-refresh-plugin
build/switch-to-pnpm
revert-9424-feat/update-dataset-clean-rule
fix/external-knowledge-retrieval-issues
feat/login-type-coontrol
feat/external-knowledge-api
feat/rag-external-knowledge-with-api
feat/external-knowledge
fix/notion-table-extract
fix/retrieval-test
fix/tooltip
feat/workflow-add-block-shortcut
feat/update-docs
fix/note-node-zoom-issue
fix/model-runtime-quato-issue
fix/db-lock-timeout
feat/new-tooltip
feat/web-app-sso
chore/optimize-app-workflow-deletion-slow-sql
fix/trace_app_config_app_id_idx
fix/extra-table-tracing-app-config
feat/update-beat-job-time-to-env
fix/index-estimate-error
chore/enterprise-license-status
fix/remove-tsne_position
feat/2p
feat/aws-iam-auth-check
feat/add-flashrank
feat/support-milvus-2.4
feat/add-resource-from-tools
bai
1.7.0
1.6.0
1.5.1
1.5.0
0.15.8
1.3.1
0.15.7
1.3.0
0.15.6
1.2.0
0.15.6-alpha.1
1.1.3
0.15.5
0.10.2-fix1
0.10.0
0.10.0-beta1
0.10.0-beta2
0.10.0-beta3
0.10.1
0.10.2
0.11.0
0.11.1
0.11.2
0.12.0
0.12.1
0.13.0
0.13.1
0.13.2
0.14.0
0.14.1
0.14.2
0.15.0
0.15.1
0.15.2
0.15.3
0.15.4
0.2.1
0.2.2
0.3.0
0.3.1
0.3.10
0.3.11
0.3.12
0.3.13
0.3.14
0.3.15
0.3.16
0.3.17
0.3.18
0.3.19
0.3.2
0.3.20
0.3.21
0.3.22
0.3.23
0.3.24
0.3.25
0.3.26
0.3.27
0.3.28
0.3.29
0.3.3
0.3.30
0.3.31
0.3.31-fix1
0.3.31-fix2
0.3.31-fix3
0.3.32
0.3.33
0.3.34
0.3.4
0.3.5
0.3.6
0.3.7
0.3.8
0.3.9
0.4.0
0.4.1
0.4.2
0.4.3
0.4.4
0.4.5
0.4.6
0.4.7
0.4.8
0.4.9
0.5.0
0.5.1
0.5.10
0.5.11
0.5.11-fix1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.5.8
0.5.9
0.6.0
0.6.0-fix1
0.6.0-preview-workflow.1
0.6.0-preview-workflow.2
0.6.1
0.6.10
0.6.11
0.6.12
0.6.12-fix1
0.6.13
0.6.14
0.6.15
0.6.16
0.6.2
0.6.3
0.6.4
0.6.5
0.6.6
0.6.7
0.6.8
0.6.9
0.7.0
0.7.1
0.7.2
0.7.3
0.8.0
0.8.0-beta1
0.8.1
0.8.2
0.8.3
0.9.0
0.9.1
0.9.1-fix1
0.9.2
1.0.0
1.0.0-beta.1
1.0.1
1.1.0
1.1.1
1.1.2
1.4.0
1.4.1
1.4.2
1.4.3
v0.8.3-fix1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd7e4bbe492'
${ noResults }
gcgj-dify-1.7.0/api/tests/unit_tests/libs/mail/test_oauth_email.py

376 lines
14 KiB
Python
Raw Blame History

"""Comprehensive tests for email OAuth implementation"""
import base64
from typing import Optional, Union
import pytest
from libs.mail.oauth_email import MicrosoftEmailOAuth, OAuthUserInfo
from libs.mail.oauth_http_client import OAuthHTTPClientProtocol
class MockHTTPClient(OAuthHTTPClientProtocol):
"""Mock HTTP client for testing OAuth without real network calls"""
def __init__(self):
self.post_responses = []
self.get_responses = []
self.post_calls = []
self.get_calls = []
self.post_index = 0
self.get_index = 0
def add_post_response(self, status_code: int, json_data: dict[str, Union[str, int]]):
"""Add a mocked POST response"""
self.post_responses.append(
{
"status_code": status_code,
"json": json_data,
"text": str(json_data),
"headers": {"content-type": "application/json"},
}
)
def add_get_response(self, json_data: dict[str, Union[str, int, dict, list]]):
"""Add a mocked GET response"""
self.get_responses.append(json_data)
def post(
self, url: str, data: dict[str, Union[str, int]], headers: Optional[dict[str, str]] = None
) -> dict[str, Union[str, int, dict, list]]:
"""Mock POST request"""
self.post_calls.append({"url": url, "data": data, "headers": headers})
if self.post_index < len(self.post_responses):
response = self.post_responses[self.post_index]
self.post_index += 1
return response
# Default error response
return {
"status_code": 500,
"json": {"error": "No mock response configured"},
"text": "No mock response configured",
"headers": {},
}
def get(self, url: str, headers: Optional[dict[str, str]] = None) -> dict[str, Union[str, int, dict, list]]:
"""Mock GET request"""
self.get_calls.append({"url": url, "headers": headers})
if self.get_index < len(self.get_responses):
response = self.get_responses[self.get_index]
self.get_index += 1
return response
# Default error response
raise Exception("No mock response configured")
class TestMicrosoftEmailOAuth:
"""Test cases for MicrosoftEmailOAuth"""
@pytest.fixture
def mock_http_client(self):
"""Create a mock HTTP client"""
return MockHTTPClient()
@pytest.fixture
def oauth_client(self, mock_http_client):
"""Create OAuth client with mock HTTP client"""
return MicrosoftEmailOAuth(
client_id="test-client-id",
client_secret="test-client-secret",
redirect_uri="https://example.com/callback",
tenant_id="test-tenant",
http_client=mock_http_client,
)
def test_get_authorization_url(self, oauth_client):
"""Test authorization URL generation"""
url = oauth_client.get_authorization_url()
assert "login.microsoftonline.com/test-tenant/oauth2/v2.0/authorize" in url
assert "client_id=test-client-id" in url
assert "response_type=code" in url
assert "redirect_uri=https%3A%2F%2Fexample.com%2Fcallback" in url
assert "scope=https%3A%2F%2Foutlook.office.com%2FSMTP.Send+offline_access" in url
assert "response_mode=query" in url
def test_get_authorization_url_with_state(self, oauth_client):
"""Test authorization URL with state parameter"""
url = oauth_client.get_authorization_url(invite_token="test-state-123")
assert "state=test-state-123" in url
def test_get_access_token_success(self, oauth_client, mock_http_client):
"""Test successful access token retrieval"""
# Setup mock response
mock_http_client.add_post_response(
200,
{
"access_token": "test-access-token",
"token_type": "Bearer",
"expires_in": 3600,
"refresh_token": "test-refresh-token",
},
)
result = oauth_client.get_access_token("test-auth-code")
# Verify result
assert result["access_token"] == "test-access-token"
assert result["token_type"] == "Bearer"
assert result["expires_in"] == 3600
assert result["refresh_token"] == "test-refresh-token"
# Verify HTTP call
assert len(mock_http_client.post_calls) == 1
call = mock_http_client.post_calls[0]
assert "login.microsoftonline.com/test-tenant/oauth2/v2.0/token" in call["url"]
assert call["data"]["grant_type"] == "authorization_code"
assert call["data"]["code"] == "test-auth-code"
assert call["data"]["client_id"] == "test-client-id"
assert call["data"]["client_secret"] == "test-client-secret"
def test_get_access_token_failure(self, oauth_client, mock_http_client):
"""Test access token retrieval failure"""
# Setup mock error response
mock_http_client.add_post_response(
400, {"error": "invalid_grant", "error_description": "The authorization code is invalid"}
)
with pytest.raises(ValueError, match="Error in Microsoft OAuth"):
oauth_client.get_access_token("bad-auth-code")
def test_get_access_token_client_credentials_success(self, oauth_client, mock_http_client):
"""Test successful client credentials flow"""
# Setup mock response
mock_http_client.add_post_response(
200, {"access_token": "service-access-token", "token_type": "Bearer", "expires_in": 3600}
)
result = oauth_client.get_access_token_client_credentials()
# Verify result
assert result["access_token"] == "service-access-token"
assert result["token_type"] == "Bearer"
# Verify HTTP call
call = mock_http_client.post_calls[0]
assert call["data"]["grant_type"] == "client_credentials"
assert call["data"]["scope"] == "https://outlook.office365.com/.default"
def test_get_access_token_client_credentials_custom_scope(self, oauth_client, mock_http_client):
"""Test client credentials with custom scope"""
mock_http_client.add_post_response(200, {"access_token": "custom-scope-token", "token_type": "Bearer"})
result = oauth_client.get_access_token_client_credentials(scope="https://graph.microsoft.com/.default")
assert result["access_token"] == "custom-scope-token"
# Verify custom scope was used
call = mock_http_client.post_calls[0]
assert call["data"]["scope"] == "https://graph.microsoft.com/.default"
def test_refresh_access_token_success(self, oauth_client, mock_http_client):
"""Test successful token refresh"""
# Setup mock response
mock_http_client.add_post_response(
200,
{
"access_token": "new-access-token",
"refresh_token": "new-refresh-token",
"token_type": "Bearer",
"expires_in": 3600,
},
)
result = oauth_client.refresh_access_token("old-refresh-token")
# Verify result
assert result["access_token"] == "new-access-token"
assert result["refresh_token"] == "new-refresh-token"
# Verify HTTP call
call = mock_http_client.post_calls[0]
assert call["data"]["grant_type"] == "refresh_token"
assert call["data"]["refresh_token"] == "old-refresh-token"
def test_refresh_access_token_failure(self, oauth_client, mock_http_client):
"""Test token refresh failure"""
# Setup mock error response
mock_http_client.add_post_response(
400, {"error": "invalid_grant", "error_description": "The refresh token has expired"}
)
with pytest.raises(ValueError, match="Error refreshing Microsoft OAuth token"):
oauth_client.refresh_access_token("expired-refresh-token")
def test_get_raw_user_info(self, oauth_client, mock_http_client):
"""Test getting user info from Microsoft Graph"""
# Setup mock response
mock_http_client.add_get_response(
{
"id": "12345",
"displayName": "Test User",
"mail": "test@contoso.com",
"userPrincipalName": "test@contoso.com",
}
)
result = oauth_client.get_raw_user_info("test-access-token")
# Verify result
assert result["id"] == "12345"
assert result["displayName"] == "Test User"
assert result["mail"] == "test@contoso.com"
# Verify HTTP call
call = mock_http_client.get_calls[0]
assert call["url"] == "https://graph.microsoft.com/v1.0/me"
assert call["headers"]["Authorization"] == "Bearer test-access-token"
def test_get_user_info_complete_flow(self, oauth_client, mock_http_client):
"""Test complete user info retrieval flow"""
# Setup mock response
mock_http_client.add_get_response(
{
"id": "67890",
"displayName": "John Doe",
"mail": "john.doe@contoso.com",
"userPrincipalName": "john.doe@contoso.com",
}
)
user_info = oauth_client.get_user_info("test-access-token")
# Verify transformed user info
assert isinstance(user_info, OAuthUserInfo)
assert user_info.id == "67890"
assert user_info.name == "John Doe"
assert user_info.email == "john.doe@contoso.com"
def test_transform_user_info_with_missing_mail(self, oauth_client):
"""Test user info transformation when mail field is missing"""
raw_info = {"id": "99999", "displayName": "No Mail User", "userPrincipalName": "nomail@contoso.com"}
user_info = oauth_client._transform_user_info(raw_info)
# Should fall back to userPrincipalName
assert user_info.email == "nomail@contoso.com"
def test_transform_user_info_with_no_display_name(self, oauth_client):
"""Test user info transformation when displayName is missing"""
raw_info = {"id": "11111", "mail": "anonymous@contoso.com", "userPrincipalName": "anonymous@contoso.com"}
user_info = oauth_client._transform_user_info(raw_info)
# Should have empty name
assert user_info.name == ""
assert user_info.email == "anonymous@contoso.com"
def test_create_sasl_xoauth2_string(self):
"""Test static SASL XOAUTH2 string creation"""
username = "test@contoso.com"
access_token = "test-token-456"
result = MicrosoftEmailOAuth.create_sasl_xoauth2_string(username, access_token)
# Decode and verify format
decoded = base64.b64decode(result).decode()
expected = f"user={username}\x01auth=Bearer {access_token}\x01\x01"
assert decoded == expected
def test_error_handling_with_non_json_response(self, oauth_client, mock_http_client):
"""Test handling of non-JSON error responses"""
# Setup mock HTML error response
mock_http_client.post_responses.append(
{
"status_code": 500,
"json": {},
"text": "<html>Internal Server Error</html>",
"headers": {"content-type": "text/html"},
}
)
with pytest.raises(ValueError, match="Error in Microsoft OAuth"):
oauth_client.get_access_token("test-code")
class TestOAuthIntegration:
"""Integration tests for OAuth with SMTP"""
def test_oauth_token_flow_for_smtp(self):
"""Test complete OAuth token flow for SMTP usage"""
# Create mock HTTP client
mock_http = MockHTTPClient()
# Setup mock responses for complete flow
mock_http.add_post_response(
200,
{
"access_token": "smtp-access-token",
"token_type": "Bearer",
"expires_in": 3600,
"refresh_token": "smtp-refresh-token",
"scope": "https://outlook.office.com/SMTP.Send offline_access",
},
)
# Create OAuth client
oauth_client = MicrosoftEmailOAuth(
client_id="smtp-client-id",
client_secret="smtp-client-secret",
redirect_uri="https://app.example.com/oauth/callback",
tenant_id="contoso.onmicrosoft.com",
http_client=mock_http,
)
# Get authorization URL
auth_url = oauth_client.get_authorization_url()
assert "scope=https%3A%2F%2Foutlook.office.com%2FSMTP.Send+offline_access" in auth_url
# Exchange code for token
token_response = oauth_client.get_access_token("auth-code-from-user")
assert token_response["access_token"] == "smtp-access-token"
# Create SASL string for SMTP
access_token = str(token_response["access_token"])
sasl_string = MicrosoftEmailOAuth.create_sasl_xoauth2_string("user@contoso.com", access_token)
# Verify SASL string is valid base64
try:
decoded = base64.b64decode(sasl_string)
assert b"user=user@contoso.com" in decoded
assert b"auth=Bearer smtp-access-token" in decoded
except Exception:
pytest.fail("SASL string is not valid base64")
def test_service_account_flow(self):
"""Test service account (client credentials) flow"""
mock_http = MockHTTPClient()
# Setup mock response for client credentials
mock_http.add_post_response(
200, {"access_token": "service-smtp-token", "token_type": "Bearer", "expires_in": 3600}
)
oauth_client = MicrosoftEmailOAuth(
client_id="service-client-id",
client_secret="service-client-secret",
redirect_uri="", # Not needed for service accounts
tenant_id="contoso.onmicrosoft.com",
http_client=mock_http,
)
# Get token using client credentials
token_response = oauth_client.get_access_token_client_credentials()
assert token_response["access_token"] == "service-smtp-token"
# Verify the request used correct grant type
call = mock_http.post_calls[0]
assert call["data"]["grant_type"] == "client_credentials"
assert "redirect_uri" not in call["data"] # Should not include redirect_uri
Reference in New Issue View Git Blame Copy Permalink