Files
CLIProxyAPI/sdk/cliproxy/auth/classification_test.go
Luis Pater 70053beadb feat(auth): refactor credential kind detection and add dynamic source classification
- Introduced `AuthKind` and `AuthSourceKind` methods for improved credential type and source classification.
- Replaced legacy fallback logic with normalized attribute-based handling in `AuthKind`.
- Consolidated metadata inspection for both API key and OAuth attributes.
- Updated calls to replace direct `AccountInfo` usage with `AuthKind` and `AuthSourceKind`.
- Enhanced unit tests to validate explicit and fallback credential resolution scenarios.
2026-06-23 23:21:33 +08:00

126 lines
3.4 KiB
Go

package auth
import "testing"
func TestAuthKind(t *testing.T) {
tests := []struct {
name string
auth *Auth
want string
}{
{
name: "explicit api key attribute",
auth: &Auth{Attributes: map[string]string{AttributeAuthKind: "api_key"}},
want: AuthKindAPIKey,
},
{
name: "explicit oauth attribute wins over api key fallback",
auth: &Auth{Attributes: map[string]string{AttributeAuthKind: "oauth", AttributeAPIKey: "k"}},
want: AuthKindOAuth,
},
{
name: "explicit oauth metadata",
auth: &Auth{Metadata: map[string]any{AttributeAuthKind: "oauth"}},
want: AuthKindOAuth,
},
{
name: "legacy api key attribute",
auth: &Auth{Attributes: map[string]string{AttributeAPIKey: "k"}},
want: AuthKindAPIKey,
},
{
name: "legacy oauth metadata",
auth: &Auth{Metadata: map[string]any{"access_token": "token"}},
want: AuthKindOAuth,
},
{
name: "unknown metadata shape",
auth: &Auth{Metadata: map[string]any{"type": "test"}},
want: "",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := tt.auth.AuthKind(); got != tt.want {
t.Fatalf("AuthKind() = %q, want %q", got, tt.want)
}
})
}
}
func TestAuthSourceKind(t *testing.T) {
tests := []struct {
name string
auth *Auth
want string
}{
{
name: "runtime only memory",
auth: &Auth{Attributes: map[string]string{AttributeRuntimeOnly: "true", AttributeSourceBackend: AuthSourcePostgres}},
want: AuthSourceMemory,
},
{
name: "backend postgres",
auth: &Auth{Attributes: map[string]string{AttributeSourceBackend: "postgresql", AttributePath: "/tmp/auth.json"}},
want: AuthSourcePostgres,
},
{
name: "backend object store",
auth: &Auth{Attributes: map[string]string{AttributeSourceBackend: "object-store", AttributePath: "/tmp/auth.json"}},
want: AuthSourceObjectStore,
},
{
name: "config source",
auth: &Auth{Attributes: map[string]string{AttributeSource: "config:codex[abc]"}},
want: AuthSourceConfig,
},
{
name: "path source",
auth: &Auth{Attributes: map[string]string{AttributeSource: "/tmp/auth.json"}},
want: AuthSourceFile,
},
{
name: "path attribute",
auth: &Auth{Attributes: map[string]string{AttributePath: "/tmp/auth.json"}},
want: AuthSourceFile,
},
{
name: "filename fallback",
auth: &Auth{FileName: "codex.json"},
want: AuthSourceFile,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := tt.auth.AuthSourceKind(); got != tt.want {
t.Fatalf("AuthSourceKind() = %q, want %q", got, tt.want)
}
})
}
}
func TestAccountInfoUsesAuthKind(t *testing.T) {
apiKeyAuth := &Auth{Attributes: map[string]string{AttributeAuthKind: "api-key", AttributeAPIKey: "k"}}
kind, value := apiKeyAuth.AccountInfo()
if kind != "api_key" || value != "k" {
t.Fatalf("api key AccountInfo() = %q, %q", kind, value)
}
oauthAuth := &Auth{
Attributes: map[string]string{AttributeAuthKind: AuthKindOAuth, AttributeAPIKey: "k"},
Metadata: map[string]any{"email": "user@example.com"},
}
kind, value = oauthAuth.AccountInfo()
if kind != "oauth" || value != "user@example.com" {
t.Fatalf("oauth AccountInfo() = %q, %q", kind, value)
}
oauthWithoutEmail := &Auth{Metadata: map[string]any{"access_token": "token"}}
kind, value = oauthWithoutEmail.AccountInfo()
if kind != "oauth" || value != "" {
t.Fatalf("oauth without email AccountInfo() = %q, %q", kind, value)
}
}