"""验证中控 embed-auth 与 login 返回 session_token。"""
from __future__ import annotations
import sys
from pathlib import Path
# Repository root: one directory above the folder that contains this script.
ROOT = Path(__file__).resolve().parents[1]

# Put the repo root first and the hub package directory second on the import
# path, so that the `import hub` below resolves.
sys.path[:0] = [str(ROOT), str(ROOT / "manual_trading_hub")]

from fastapi.testclient import TestClient

import os

# Test-only defaults, applied before `hub` is imported. Values already present
# in the caller's environment are kept for these two keys.
# NOTE(review): main() logs in with the literal "admin" / "test-pass", so a
# pre-set HUB_USERNAME or HUB_PASSWORD would presumably make the login step
# fail. Confirm that hub reads its credentials from these variables.
if "HUB_PASSWORD" not in os.environ:
    os.environ["HUB_PASSWORD"] = "test-pass"
if "HUB_USERNAME" not in os.environ:
    os.environ["HUB_USERNAME"] = "admin"

# Unlike the two defaults above, this flag is always overwritten, and the
# change applies to the whole process.
# NOTE(review): the name suggests it relaxes an access restriction in hub.
# Confirm what it gates and that it is only ever forced on in test runs.
os.environ.update(HUB_ALLOW_PUBLIC="true")

import hub as hub_mod  # noqa: E402

# In-process HTTP client bound to the hub's ASGI application.
client = TestClient(hub_mod.app)
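def main() -> int:
    """Smoke-check the login -> embed-auth -> /monitor flow against the in-process hub.

    Steps, in order:
      1. POST /api/auth/login and require a ``session_token`` in the JSON reply.
      2. GET /embed-auth with that token and ``next=/monitor``; require a
         302/307 redirect to /monitor on the same host, and a Set-Cookie
         header naming the hub's session cookie.
      3. GET /monitor with the token as the session cookie; require 200.
      4. GET /login and require a ``frame-ancestors`` directive in its CSP.

    Returns:
        0 when every check passes (a one-line OK message is printed first).

    Raises:
        AssertionError: on the first failed check.
    """
    from urllib.parse import urlsplit

    def check(condition, *detail):
        # Explicit raise instead of `assert`: assert statements are stripped
        # under `python -O`, which would let this script print OK without
        # checking anything.
        if not condition:
            raise AssertionError(*detail)

    r = client.post("/api/auth/login", json={"username": "admin", "password": "test-pass"})
    check(r.status_code == 200, r.text)
    data = r.json()
    check(data.get("ok") is True, data)
    token = data.get("session_token")
    check(token, "login 应返回 session_token")

    # The same value is later accepted as the session cookie, so this request
    # carries the session credential in the URL query string, where access
    # logs, browser history and Referer headers can record it.
    # NOTE(review): confirm the hub bounds that exposure (token lifetime,
    # log scrubbing); this test does not cover it.
    r2 = client.get(f"/embed-auth?token={token}&next=/monitor", follow_redirects=False)
    check(r2.status_code in (302, 307), r2.status_code)
    location = r2.headers.get("location", "")
    check(location.endswith("/monitor"), location)
    # A bare suffix match would also accept an absolute URL on another host,
    # so additionally require a relative target or the client's own host.
    check(urlsplit(location).hostname in (None, client.base_url.host), location)
    # Substring check only: it proves the cookie name appears in Set-Cookie,
    # not which attributes (HttpOnly, Secure, SameSite) the hub sets on it.
    check(hub_mod.SESSION_COOKIE in r2.headers.get("set-cookie", ""))

    # NOTE(review): the client may already hold cookies from the responses
    # above, so this step presumably does not isolate the explicit cookie;
    # a fresh client would be needed for that.
    r3 = client.get("/monitor", cookies={hub_mod.SESSION_COOKIE: token})
    check(r3.status_code == 200, r3.status_code)

    # Presence check only: any frame-ancestors value, including a wildcard,
    # satisfies it. The allowed embedding origins are not verified here.
    csp = client.get("/login").headers.get("content-security-policy", "")
    check("frame-ancestors" in csp, csp)

    print("OK: embed-auth sets session cookie; login returns session_token")
    return 0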
# Script entry point: main()'s return value becomes the process exit status.
# A failed check propagates as an uncaught AssertionError instead.
if __name__ == "__main__":
    sys.exit(main())