administrator/frigate
1
0
Fork 0
mirror of https://github.com/blakeblackshear/frigate.git synced 2026-04-15 11:32:09 +03:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

fix proxy auth tests

Browse Source
This commit is contained in:
Josh Hawkins 2025-09-10 14:51:12 -05:00
parent c93f53d84c
commit 7d3180b4f0
1 changed files with 13 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
frigate/test/test_proxy_auth.py
View File

@ -19,61 +19,60 @@ class TestProxyRoleResolution(unittest.TestCase):
}, },
), ),
) )
self.config_roles = list(["admin", "viewer"])
def test_role_map_single_group_match(self): def test_role_map_single_group_match(self):
headers = {"x-remote-role": "group_admin"} headers = {"x-remote-role": "group_admin"}
role = resolve_role(headers, self.proxy_config) role = resolve_role(headers, self.proxy_config, self.config_roles)
self.assertEqual(role, "admin") self.assertEqual(role, "admin")
def test_role_map_multiple_groups(self): def test_role_map_multiple_groups(self):
headers = {"x-remote-role": "group_viewer|group_admin"} headers = {"x-remote-role": "group_admin|group_viewer"}
role = resolve_role(headers, self.proxy_config) role = resolve_role(headers, self.proxy_config, self.config_roles)
# admin should win since VALID_ROLES priority puts it before viewer
self.assertEqual(role, "admin") self.assertEqual(role, "admin")
def test_direct_role_header_with_separator(self): def test_direct_role_header_with_separator(self):
config = self.proxy_config config = self.proxy_config
config.header_map.role_map = None # disable role_map config.header_map.role_map = None # disable role_map
headers = {"x-remote-role": "viewer|admin"} headers = {"x-remote-role": "admin|viewer"}
role = resolve_role(headers, config) role = resolve_role(headers, config, self.config_roles)
# admin should be chosen since it appears in VALID_ROLES
self.assertEqual(role, "admin") self.assertEqual(role, "admin")
def test_invalid_role_header(self): def test_invalid_role_header(self):
config = self.proxy_config config = self.proxy_config
config.header_map.role_map = None config.header_map.role_map = None
headers = {"x-remote-role": "notarole"} headers = {"x-remote-role": "notarole"}
role = resolve_role(headers, config) role = resolve_role(headers, config, self.config_roles)
self.assertEqual(role, config.default_role) self.assertEqual(role, config.default_role)
def test_missing_role_header(self): def test_missing_role_header(self):
headers = {} headers = {}
role = resolve_role(headers, self.proxy_config) role = resolve_role(headers, self.proxy_config, self.config_roles)
self.assertEqual(role, self.proxy_config.default_role) self.assertEqual(role, self.proxy_config.default_role)
def test_empty_role_header(self): def test_empty_role_header(self):
headers = {"x-remote-role": ""} headers = {"x-remote-role": ""}
role = resolve_role(headers, self.proxy_config) role = resolve_role(headers, self.proxy_config, self.config_roles)
self.assertEqual(role, self.proxy_config.default_role) self.assertEqual(role, self.proxy_config.default_role)
def test_whitespace_groups(self): def test_whitespace_groups(self):
headers = {"x-remote-role": " | group_admin | "} headers = {"x-remote-role": " | group_admin | "}
role = resolve_role(headers, self.proxy_config) role = resolve_role(headers, self.proxy_config, self.config_roles)
self.assertEqual(role, "admin") self.assertEqual(role, "admin")
def test_mixed_valid_and_invalid_groups(self): def test_mixed_valid_and_invalid_groups(self):
headers = {"x-remote-role": "bogus|group_viewer"} headers = {"x-remote-role": "bogus|group_viewer"}
role = resolve_role(headers, self.proxy_config) role = resolve_role(headers, self.proxy_config, self.config_roles)
self.assertEqual(role, "viewer") self.assertEqual(role, "viewer")
def test_case_insensitive_role_direct(self): def test_case_insensitive_role_direct(self):
config = self.proxy_config config = self.proxy_config
config.header_map.role_map = None config.header_map.role_map = None
headers = {"x-remote-role": "AdMiN"} headers = {"x-remote-role": "AdMiN"}
role = resolve_role(headers, config) role = resolve_role(headers, config, self.config_roles)
self.assertEqual(role, "admin") self.assertEqual(role, "admin")
def test_role_map_no_match_falls_back(self): def test_role_map_no_match_falls_back(self):
headers = {"x-remote-role": "group_unknown"} headers = {"x-remote-role": "group_unknown"}
role = resolve_role(headers, self.proxy_config) role = resolve_role(headers, self.proxy_config, self.config_roles)
self.assertEqual(role, self.proxy_config.default_role) self.assertEqual(role, self.proxy_config.default_role)